{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6299", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-14T18:12:20.506Z", "datePublished": "2026-04-15T19:04:47.116Z", "dateUpdated": "2026-04-16T03:55:53.177Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.101", "status": "affected", "lessThan": "147.0.7727.101", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-15T19:04:47.116Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"}, {"url": "https://issues.chromium.org/issues/497053588"}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-6299"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T03:55:53.177Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-6299", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T19:44:27.871171Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T19:44:37.911Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "147.0.7727.101", "lessThan": "147.0.7727.101", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"}, {"url": "https://issues.chromium.org/issues/497053588"}], "descriptions": [{"lang": "en", "value": "Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "Use after free"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-15T19:04:47.116Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6299", "state": "PUBLISHED", "dateUpdated": "2026-04-16T03:55:53.177Z", "dateReserved": "2026-04-14T18:12:20.506Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-04-15T19:04:47.116Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "571DC362-C7E4-4FA4-A493-9DD22A4DACC6", "versionEndExcluding": "147.0.7727.101", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)"}], "id": "CVE-2026-6299", "lastModified": "2026-04-17T15:41:34.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-15T20:16:38.790", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"], "url": "https://issues.chromium.org/issues/497053588"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{"bugzilla": {"description": "Google Chrome: Chromium: Google Chrome and Chromium: Arbitrary code execution via a crafted HTML page", "id": "2458779", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458779"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in Prerender in Google Chrome and Chromium. A remote attacker could exploit a use-after-free vulnerability by enticing a user to visit a specially crafted HTML page. This could lead to the execution of arbitrary code on the affected system, allowing the attacker to gain full control."], "name": "CVE-2026-6299", "public_date": "2026-04-15T19:04:47Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6299\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6299\nhttps://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html\nhttps://issues.chromium.org/issues/497053588"], "threat_severity": "Critical"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.101,147.0.7727.101)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-17T08:23:39.740397+00:00", "value": {"mitigation_remediation": ["Upgrade Chrome to version 147.0.7727.101 or later to obtain the vendor\u2011supplied fix.", "If upgrade is delayed, temporarily disable prerendering by navigating to chrome://flags/#enable-prerender and setting the flag to Disabled.", "Monitor Chrome security advisories for additional guidance and policy changes."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Google Chrome browsers with versions prior to 147.0.7727.101 are impacted. The issue applies to all platforms that ship the desktop stable channel of Chrome where prerender is enabled. Users of any devices running assemblies of Chrome that have not applied the 147.0.7727.101 update are vulnerable.", "description_and_impact": "This vulnerability is a use\u2011after\u2011free bug in Chrome\u2019s prerendering subsystem that allows a remote attacker to run arbitrary code by loading a specially crafted web page. The flaw arises after a page\u2019s memory is freed but pointers remain, enabling code execution in the context of the victim browser session. It involves a use\u2011after\u2011free (CWE\u2011416) and may also lead to an information leakage (CWE\u2011825) when uninitialized memory is accessed. Chromium has rated the defect as Critical because successful exploitation bypasses normal privilege boundaries and can affect any user who visits a maliciously constructed site.", "risk_and_exploitability": "An attacker can exploit this flaw remotely by delivering a crafted HTML page over HTTP or HTTPS, with no additional network access required beyond being able to visit the page. The expected attack vector is web\u2011based; the browser must process the page to trigger the use\u2011after\u2011free. The EPSS score indicates a low exploitation probability (<1%), and the vulnerability has not yet been listed on CISA\u2019s Known Exploited Vulnerabilities catalog. Nevertheless, Chromium labels it Critical, and its CVSS score is 8.8, indicating that exploitation is highly feasible and would grant full code\u2011execution privileges on the victim machine."}}}}, "created": "2026-04-15T21:02:19.137706+00:00", "updated": "2026-04-17T08:30:13.699648+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}