Description
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-04-28
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: Remote Code Execution via Sandbox Escape
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a heap buffer overflow in the Skia graphics library used by Google Chrome. A remote attacker who has compromised the renderer process can supply crafted HTML content that triggers the overflow, allowing the attacker to escape the browser's sandbox. This can lead to arbitrary code execution on the user’s system as the attacker can gain higher privileges than the sandbox permits. The flaw is identified as CWE‑122, a classic out‑of‑bounds write that can corrupt memory and alter program control flow.

Affected Systems

Google Chrome versions earlier than 147.0.7727.138 on all supported operating systems are affected. Users of the Stable channel running any of these revisions could be vulnerable if the renderer process is compromised.

Risk and Exploitability

The CVSS severity is High, but no EPSS score is currently available and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be attacker‑controlled HTML delivered to the renderer, so an adversary with the ability to serve malicious content to a user could potentially exploit it. Exploitation requires either a separate flaw that compromises the renderer or a direct delivery of a malicious HTML page. Given the high impact and the lack of exploitation mitigations in the renderer, the risk remains significant.

Generated by OpenCVE AI on April 29, 2026 at 02:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Chrome update, at least version 147.0.7727.138 or newer
  • Verify that the renderer process and related components are sandboxed in the system’s configuration
  • Use Chrome’s security features such as Site Isolation and Safe Browsing to reduce the likelihood that malicious HTML reaches the renderer

Generated by OpenCVE AI on April 29, 2026 at 02:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title Heap Buffer Overflow in Skia Enabling Sandbox Escape in Google Chrome chromium-browser: Heap buffer overflow in Skia
Weaknesses CWE-787
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Important

Wed, 29 Apr 2026 02:30:00 +0000

Type Values Removed Values Added
Title Heap Buffer Overflow in Skia Enabling Sandbox Escape in Google Chrome

Wed, 29 Apr 2026 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Tue, 28 Apr 2026 23:00:00 +0000

Type Values Removed Values Added
Description Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-122
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-28T22:35:58.921Z

Reserved: 2026-04-28T20:02:44.629Z

Link: CVE-2026-7353

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-28T23:16:22.873

Modified: 2026-04-28T23:16:22.873

Link: CVE-2026-7353

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-28T00:00:00Z

Links: CVE-2026-7353 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T02:15:47Z

Weaknesses