Description
Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-04-08
Score: n/a
EPSS: n/a
KEV: No
Impact: Remote information disclosure via out‑of‑bounds read
Action: Patch
AI Analysis

Impact

An out‑of‑bounds memory read was discovered in the WebAudio implementation of Google Chrome. An attacker can exploit this flaw by serving a specially crafted web page to a user browsing with Chrome on macOS, causing the browser process to read data beyond the bounds of a buffer. This leak can expose potentially sensitive information from process memory, compromising confidentiality. The weakness is classified as CWE‑125 (Out-of-bounds Read).

Affected Systems

The vulnerability affects Google Chrome on macOS in versions prior to 147.0.7727.55. Any install of Chrome on a Mac before this release is potentially vulnerable. Updating to 147.0.7727.55 or later removes the flaw.

Risk and Exploitability

Chromium rates the issue as Medium severity because the attacker must be able to run an HTML page in the user’s browser. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited public exploitation. However, because the attack vector relies on normal web browsing, the risk to environments where users visit untrusted sites is significant. Installing the fixed release mitigates the flaw and should be done immediately.

Generated by OpenCVE AI on April 8, 2026 at 22:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 147.0.7727.55 or newer on macOS



Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Wed, 08 Apr 2026 21:30:00 +0000

Type | Values Removed | Values Added
Description | | Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses | | CWE-125
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-08T21:20:51.484Z

Reserved: 2026-04-08T19:34:39.130Z

Link: CVE-2026-5886

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-08T22:16:28.367

Modified: 2026-04-08T22:16:28.367

Link: CVE-2026-5886

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:26:40Z

Weaknesses