Description
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-04-08
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A heap buffer overflow exists in the ANGLE graphics stack of Google Chrome on macOS. The flaw can be triggered by a specially crafted HTML page, allowing an attacker to run arbitrary code inside the browser’s sandboxed environment. This vulnerability is a heap-based buffer overflow (CWE‑122) and has a high severity rating according to Chromium’s internal assessment.

Affected Systems

The impact is confined to Google Chrome on macOS in versions preceding 147.0.7727.55. Earlier builds of the stable channel are vulnerable; the issue is not present in newer releases that incorporate the fix.

Risk and Exploitability

Because the flaw can be triggered by loading a malicious web page, the potential attack vector is remote and does not require local user interaction beyond visiting the site. The CVSS score is not supplied, but the high severity checklist and lack of mitigation steps in the public advisory suggest a serious risk. The EPSS score is unavailable and the vulnerability is not listed in CISA’s KEV catalog, so it is unknown whether active exploitation is occurring.

Generated by OpenCVE AI on April 8, 2026 at 22:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 147.0.7727.55 or later
  • Verify that automatic updates are enabled to receive future patches promptly

Advisories
Source: Debian DSA
ID: DSA-6205-1
Title: chromium security update

History

Fri, 10 Apr 2026 12:15:00 +0000

Title
  Removed: Heap Buffer Overflow in Chrome ANGLE Leading to Remote Code Execution
  Added: chromium-browser: Heap buffer overflow in ANGLE
Weaknesses
  Added: CWE-787
References
Metrics
  Removed: threat_severity: None
  Added: cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
  Added: threat_severity: Important


Thu, 09 Apr 2026 08:30:00 +0000

Title
  Added: Heap Buffer Overflow in Chrome ANGLE Leading to Remote Code Execution
First Time appeared
  Added: Google; Google chrome
Vendors & Products
  Added: Google; Google chrome

Wed, 08 Apr 2026 21:30:00 +0000

Description
  Added: Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Weaknesses
  Added: CWE-122
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-10T03:55:48.871Z

Reserved: 2026-04-08T19:34:34.006Z

Link: CVE-2026-5868

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-08T22:16:26.360

Modified: 2026-04-08T22:16:26.360

Link: CVE-2026-5868

Redhat

Severity: Important

Public Date: 2026-04-07T00:00:00Z

Links: CVE-2026-5868 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-09T08:26:58Z

Weaknesses