Description
Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Published: 2026-04-08
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

A heap buffer overflow exists in the WebAudio component of Google Chrome versions older than 147.0.7727.55. The flaw permits a remote attacker, through a crafted webpage, to read data from the browser process memory and exfiltrate potentially sensitive information. The weakness corresponds to unchecked bounds in a heap buffer, classified as CWE-122, and the Chromium project rates the vulnerability as high severity.

Affected Systems

The vulnerability affects all installations of Google Chrome with versions prior to 147.0.7727.55. Users operating these older releases are vulnerable to memory disclosure if they load a malicious page. Newer releases, beginning with 147.0.7727.55, contain the fix that blocks the overflow.

Risk and Exploitability

The vulnerability is remote, triggered by opening a malicious HTML document in the browser. While no EPSS score is available and it is not listed in the CISA KEV catalog, the high severity rating and the nature of the flaw suggest that exploitation is feasible with a crafted payload. Administrators should treat it as a significant risk until the update is installed, after which the risk is mitigated.

Generated by OpenCVE AI on April 8, 2026 at 22:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Google Chrome update (147.0.7727.55 or newer).
  • Verify that the installed Chrome version meets or exceeds the patched version.
  • Avoid visiting untrusted web pages until the update is applied.



Advisories
Source: Debian DSA
ID: DSA-6205-1
Title: chromium security update

History

Fri, 10 Apr 2026 19:15:00 +0000

Type: Metrics
Values Removed:
  • cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
Values Added:
  • ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
  • cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}


Fri, 10 Apr 2026 12:15:00 +0000

Type: Title
Values Removed: Heap Buffer Overflow in Chrome WebAudio Allows Remote Information Disclosure
Values Added: chromium-browser: Heap buffer overflow in WebAudio

Type: Weaknesses
Values Added: CWE-131

Type: References

Type: Metrics
Values Removed:
  • threat_severity: None
Values Added:
  • cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
  • threat_severity: Important


Thu, 09 Apr 2026 08:30:00 +0000

Type: Title
Values Added: Heap Buffer Overflow in Chrome WebAudio Allows Remote Information Disclosure

Type: First Time appeared
Values Added:
  • Google
  • Google chrome

Type: Vendors & Products
Values Added:
  • Google
  • Google chrome

Wed, 08 Apr 2026 21:30:00 +0000

Type: Description
Values Added: Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Type: Weaknesses
Values Added: CWE-122

Type: References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-10T18:44:16.825Z

Reserved: 2026-04-08T19:34:33.171Z

Link: CVE-2026-5864

Vulnrichment

Updated: 2026-04-10T18:44:04.758Z

NVD

Status: Received

Published: 2026-04-08T22:16:25.907

Modified: 2026-04-10T19:16:27.577

Link: CVE-2026-5864

Redhat

Severity: Important

Public Date: 2026-04-07T00:00:00Z

Links: CVE-2026-5864 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-09T08:27:02Z

Weaknesses