CVE-2026-7339
Published 2026-04-28
High 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | < 147.0.7727.138 | 147.0.7727.138 |
| | chrome | >= 147.0.7727.138 < 147.0.7727.138 | 147.0.7727.138 |
| | chrome_desktop | — | — |
VulDB
Google Chrome up to 147.0.7727.117 WebRTC heap-based overflow (ID 493957 / EUVD-2026-26165)
vuldb·2026-04-30
CVE-2026-7339 [CRITICAL] Google Chrome up to 147.0.7727.117 WebRTC heap-based overflow (ID 493957 / EUVD-2026-26165)
A vulnerability classified as critical was found in Google Chrome. This vulnerability affects unknown code of the component WebRTC. The manipulation results in heap-based buffer overflow.
This vulnerability is identified as CVE-2026-7339. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is advised.
GHSA
GHSA-qvm5-p652-9356: Heap buffer overflow in WebRTC in Google Chrome prior to 147
ghsa_unreviewed·2026-04-29
CVE-2026-7339 [HIGH] CWE-122 GHSA-qvm5-p652-9356: Heap buffer overflow in WebRTC in Google Chrome prior to 147
Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Chrome
Stable Channel Update for Desktop: CVE-2026-7339
vendor_chrome·2026-04-28
CVE-2026-7339 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-7339
Stable Channel Update for Desktop
CVE-2026-7339: Heap buffer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-19
[$3000][497896137] Medium CVE-2026-7340: Integer overflow in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-30
[TBD][498285711] Medium CVE-2026-7355: Use after free in Media
Severity: medium
Red Hat
chromium-browser: Heap buffer overflow in WebRTC
vendor_redhat·2026-04-28·CVSS 8.8
CVE-2026-7339 [MEDIUM] CWE-787 chromium-browser: Heap buffer overflow in WebRTC
A heap buffer overflow flaw was found in the WebRTC component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=493957495
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-
bugzilla·2026-04-29
CVE-2026-7333 [CRITICAL] CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-
CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-2026-7347 ... chromium: various flaws [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-
bugzilla·2026-04-29
CVE-2026-7333 [CRITICAL] CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-
CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-2026-7347 ... chromium: various flaws [fedora-all]
Bugzilla
CVE-2026-7339 chromium-browser: Heap buffer overflow in WebRTC
bugzilla·2026-04-28
CVE-2026-7339 [MEDIUM] CVE-2026-7339 chromium-browser: Heap buffer overflow in WebRTC
Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Bugzilla
CVE-2025-7339 golang-github-task: on-headers vulnerable to http response header manipulation [fedora-42]
bugzilla·2025-07-17·CVSS 3.4
CVE-2025-7339 [LOW] CVE-2025-7339 golang-github-task: on-headers vulnerable to http response header manipulation [fedora-42]
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-7339 h3: on-headers vulnerable to http response header manipulation [fedora-42]
bugzilla·2025-07-17·CVSS 3.4
CVE-2025-7339 [LOW] CVE-2025-7339 h3: on-headers vulnerable to http response header manipulation [fedora-42]
Bugzilla
CVE-2025-7339 onnxruntime: on-headers vulnerable to http response header manipulation [fedora-42]
bugzilla·2025-07-17·CVSS 3.4
CVE-2025-7339 [LOW] CVE-2025-7339 onnxruntime: on-headers vulnerable to http response header manipulation [fedora-42]