CVE-2026-7353
published 2026-04-28
high · 8.3 · CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | < 147.0.7727.138 | 147.0.7727.138 |
| | chrome | >= 147.0.7727.138 < 147.0.7727.138 | 147.0.7727.138 |
| | chrome_desktop | — | — |
Chrome
Stable Channel Update for Desktop: CVE-2026-7353
vendor_chrome·2026-04-28
CVE-2026-7353 [HIGH] Stable Channel Update for Desktop: CVE-2026-7353
CVE-2026-7353: Heap buffer overflow in Skia. Reported by Google on 2026-04-01
[TBD][499023054] High CVE-2026-7352: Use after free in Media. Reported by Google on 2026-04-02
[TBD][499119490] High CVE-2026-7351: Race in MHTML
Severity: high
Red Hat
chromium-browser: Heap buffer overflow in Skia
vendor_redhat·2026-04-28·CVSS 8.2
CVE-2026-7353 [HIGH] CWE-787 chromium-browser: Heap buffer overflow in Skia
A heap buffer overflow flaw was found in the Skia component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=498809718
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
VulDB
Google Chrome up to 147.0.7727.117 Skia heap-based overflow (ID 498809 / Nessus ID 310946)
vuldb·2026-04-30
CVE-2026-7353 [CRITICAL] Google Chrome up to 147.0.7727.117 Skia heap-based overflow (ID 498809 / Nessus ID 310946)
A vulnerability labeled as critical has been found in Google Chrome. This affects an unknown part of the component Skia. Executing a manipulation can lead to heap-based buffer overflow.
This vulnerability is handled as CVE-2026-7353. The attack can be executed remotely. There is not any exploit available.
The affected component should be upgraded.
GHSA
GHSA-f7fm-r935-rrq7: Heap buffer overflow in Skia in Google Chrome prior to 147
ghsa_unreviewed·2026-04-29
CVE-2026-7353 [HIGH] CWE-122 GHSA-f7fm-r935-rrq7: Heap buffer overflow in Skia in Google Chrome prior to 147
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
Published: 2026-04-28