Description
Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-04-23
Score: 9.6 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via Sandbox Escape
Action: Immediate Patch
AI Analysis

Impact

Out of bounds read in the GPU component of Google Chrome on Android, versions prior to 147.0.7727.117, enables a remote attacker who has already compromised the renderer process to craft an HTML page that induces a sandbox escape. This flaw is a CWE-125 buffer under-read, which can expose memory contents outside the expected bounds and after exploitation may allow execution of arbitrary code outside the renderer’s sandbox, compromising confidentiality, integrity, and availability of the device.

Affected Systems

Affected systems are Google Chrome browsers on Android devices running any version earlier than 147.0.7727.117. The vulnerability is tied specifically to the GPU acceleration path utilized by the renderer process on Android; no other operating systems or Chrome on desktop are mentioned in the description. Administrators should verify the version of Chrome installed on all Android devices and ensure it is updated to 147.0.7727.117 or later.

Risk and Exploitability

The CVSS score is 9.6, indicating a high severity vulnerability, but the EPSS score is below 1%, suggesting a low probability of exploitation at present. The risk is elevated because sandbox escape can lead to arbitrary code execution. The attack vector appears to be remote via a crafted HTML page that is processed by the renderer; an attacker must first compromise the renderer process, which may be achieved through other vulnerabilities or social engineering. Although the vulnerability is not listed in CISA’s KEV catalog, organizations should prioritize patching as the only definitive fix.

Generated by OpenCVE AI on April 28, 2026 at 07:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 147.0.7727.117 or later on all Android devices.
  • Disable GPU acceleration in Chrome on Android by turning off the “Enable hardware acceleration” setting or using the Chrome flag `chrome://flags/#enable-gpu` set to Disabled.
  • Keep the Android operating system updated to the latest security patches, as the vulnerability is linked to GPU usage on Android.
  • Limit exposure to untrusted web content by restricting user access to potentially malicious sites until the patch is applied.

Generated by OpenCVE AI on April 28, 2026 at 07:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6230-1 chromium security update
History

Tue, 28 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title Remote Sandbox Escape via GPU Out-of-Bounds Read in Chrome on Android Google Chrome: Chromium: chromium-browser: Out of bounds read in GPU
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 28 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Remote Sandbox Escape via GPU Out-of-Bounds Read in Chrome on Android

Fri, 24 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Google chrome
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Google
Google android
Google chrome
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Thu, 23 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-125
References

Subscriptions

Google Android Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-24T03:55:28.732Z

Reserved: 2026-04-23T16:11:30.273Z

Link: CVE-2026-6920

cve-icon Vulnrichment

Updated: 2026-04-23T17:32:15.063Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-23T18:16:30.640

Modified: 2026-04-24T16:39:41.147

Link: CVE-2026-6920

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-23T16:12:23Z

Links: CVE-2026-6920 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T07:45:26Z

Weaknesses