Description
Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-04-08
Score: n/a
EPSS: n/a
KEV: No
Impact: Media Metadata Corruption
Action: Apply Patch
AI Analysis

Impact

A race condition in Chrome’s media rendering code on Android allows a remote attacker who has already compromised the renderer process to corrupt media stream metadata via a crafted HTML page. The flaw does not grant arbitrary code execution or system compromise; instead it introduces malformed or inconsistent media data that could affect applications relying on accurate metadata. It is classified as a low‑severity issue by Chromium security reviewers.

Affected Systems

The vulnerability affects Google Chrome for Android versions earlier than 147.0.7727.55. Users of Chrome on Android should verify their current version and apply updates when available.

Risk and Exploitability

The defect is rated low severity and is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires the attacker to have already obtained control of the renderer process, which limits the attack surface. Without that prerequisite, the race condition cannot be triggered. No EPSS score is available, so the overall risk can be considered modest and primarily mitigated by keeping Chrome up to date.

Generated by OpenCVE AI on April 8, 2026 at 22:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome on Android to version 147.0.7727.55 or later

Generated by OpenCVE AI on April 8, 2026 at 22:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title Race Condition in Chrome Media Rendering Enables Metadata Corruption
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 08 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Description Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)
Weaknesses CWE-362
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-08T21:21:00.103Z

Reserved: 2026-04-08T19:34:43.375Z

Link: CVE-2026-5902

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-08T22:16:30.080

Modified: 2026-04-08T22:16:30.080

Link: CVE-2026-5902

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:26:16Z

Weaknesses