Description
Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-04-08
Score: n/a
EPSS: n/a
KEV: No
Impact: Potential Confidentiality Compromise via Out-of-Bounds Read
Action: Apply Patch
AI Analysis

Impact

An out-of-bounds read vulnerability exists in the Blink rendering engine of Google Chrome. A malicious web page can be crafted to trigger this issue, allowing a remote attacker to read memory beyond the intended bounds. The leaked memory could contain sensitive data, resulting in privacy loss. The weakness corresponds to CWE-125.

Affected Systems

Google Chrome browsers that use the Blink engine are impacted. Vulnerable releases are any versions prior to 147.0.7727.55. Users running earlier versions should upgrade immediately, as no other vendors or products are listed as affected.

Risk and Exploitability

The Chromium severity is classified as Low, implying limited exploitability or impact, and EPSS is not available. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, via a malicious web page delivered over the network. Although no public exploits are known, the absence of a public exploit does not diminish the potential for future attacks. Applying the vendor patch eliminates the risk.

Generated by OpenCVE AI on April 8, 2026 at 22:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 147.0.7727.55 or later
  • Verify that the upgrade has been applied by checking Chrome’s version number

Generated by OpenCVE AI on April 8, 2026 at 22:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title Blink Out-of-Bounds Memory Read via Crafted HTML
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 08 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Description Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)
Weaknesses CWE-125
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-08T21:21:06.156Z

Reserved: 2026-04-08T19:34:46.615Z

Link: CVE-2026-5913

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-08T22:16:31.220

Modified: 2026-04-08T22:16:31.220

Link: CVE-2026-5913

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:26:05Z

Weaknesses