CVE-2026-7351
published 2026-04-28CVE-2026-7351: Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via…
low3.1CVSS 3.1
AVNACHPRNUIRSUCLINAN
Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: High)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome | < 147.0.7727.138 | 147.0.7727.138 | |
| chrome | >= 147.0.7727.138 < 147.0.7727.138 | 147.0.7727.138 | |
| chrome_desktop | — | — |
Chrome
Stable Channel Update for Desktop: CVE-2026-7353
vendor_chrome·2026-04-28
CVE-2026-7353 [HIGH] Stable Channel Update for Desktop: CVE-2026-7353
Stable Channel Update for Desktop
CVE-2026-7353: Heap buffer overflow in Skia. Reported by Google on 2026-04-01 [TBD][ 499023054 ] High CVE-2026-7352: Use after free in Media
Reported by Google on 2026-04-02 [TBD][ 499119490 ] High CVE-2026-7351: Race in MHTML
Severity: high
Red Hat
chromium-browser: Race in MHTML
vendor_redhat·2026-04-28·CVSS 5.5
CVE-2026-7351 [HIGH] CWE-368 chromium-browser: Race in MHTML
chromium-browser: Race in MHTML
A race flaw was found in the MHTML component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=499119490
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
GHSA
GHSA-79hw-6hc5-jxgp: Race in MHTML in Google Chrome prior to 147
ghsa_unreviewed·2026-04-29
CVE-2026-7351 [LOW] CWE-362 GHSA-79hw-6hc5-jxgp: Race in MHTML in Google Chrome prior to 147
Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
2026-04-28
Published