CVE-2026-6920
published 2026-04-23CVE-2026-6920: Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially…
critical9.6CVSS 3.1
AVNACLPRNUIRSCCHIHAH
Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome | < 147.0.7727.116 | 147.0.7727.116 | |
| chrome | >= 147.0.7727.117 < 147.0.7727.117 | 147.0.7727.117 | |
| chrome_desktop | — | — |
Red Hat
Google Chrome: Chromium: chromium-browser: Out of bounds read in GPU
vendor_redhat·2026-04-23·CVSS 9.6
CVE-2026-6920 [CRITICAL] CWE-125 Google Chrome: Chromium: chromium-browser: Out of bounds read in GPU
Google Chrome: Chromium: chromium-browser: Out of bounds read in GPU
An out of bounds read flaw was found in the GPU component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=499891888
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Chrome
Stable Channel Update for Desktop: CVE-2026-6919
vendor_chrome·2026-04-22·CVSS 9.6
CVE-2026-6919 [HIGH] Stable Channel Update for Desktop: CVE-2026-6919
Stable Channel Update for Desktop
CVE-2026-6919: Use after free in DevTools. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-18 [TBD][ 499891888 ] High CVE-2026-6920: Out of bounds read in GPU
Reported by tatiwari of Microsoft on 2026-04-06 [TBD][ 493315759 ] Medium CVE-2026-6921: Race in GPU
Severity: high
VulDB
Google Chrome up to 147.0.7727.101 on Android GPU out-of-bounds
vuldb·2026-04-23·CVSS 9.6
CVE-2026-6920 [CRITICAL] Google Chrome up to 147.0.7727.101 on Android GPU out-of-bounds
A vulnerability, which was classified as critical, was found in Google Chrome on Android. This affects an unknown function of the component GPU. Executing a manipulation can lead to out-of-bounds read.
This vulnerability appears as CVE-2026-6920. The attack may be performed from remote. There is no available exploit.
You should upgrade the affected component.
GHSA
GHSA-wr5x-gh5c-99v2: Out of bounds read in GPU in Google Chrome on Android prior to 147
ghsa_unreviewed·2026-04-23
CVE-2026-6920 [HIGH] CWE-125 GHSA-wr5x-gh5c-99v2: Out of bounds read in GPU in Google Chrome on Android prior to 147
Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
2026-04-23
Published