{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6310", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-14T18:12:24.810Z", "datePublished": "2026-04-15T19:04:53.589Z", "dateUpdated": "2026-04-16T03:56:06.808Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.101", "status": "affected", "lessThan": "147.0.7727.101", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-15T19:04:53.589Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"}, {"url": "https://issues.chromium.org/issues/497969820"}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-6310"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T03:56:06.808Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-6310", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T19:57:44.362063Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T19:57:53.951Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "147.0.7727.101", "lessThan": "147.0.7727.101", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"}, {"url": "https://issues.chromium.org/issues/497969820"}], "descriptions": [{"lang": "en", "value": "Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "Use after free"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-15T19:04:53.589Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6310", "state": "PUBLISHED", "dateUpdated": "2026-04-16T03:56:06.808Z", "dateReserved": "2026-04-14T18:12:24.810Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-04-15T19:04:53.589Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "571DC362-C7E4-4FA4-A493-9DD22A4DACC6", "versionEndExcluding": "147.0.7727.101", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-6310", "lastModified": "2026-04-17T17:26:44.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-15T20:16:40.530", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"], "url": "https://issues.chromium.org/issues/497969820"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{"bugzilla": {"description": "Dawn: Google Chrome: Chromium: Google Chrome: Sandbox escape via use-after-free in Dawn", "id": "2458791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458791"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in Dawn, a component within Google Chrome. This use-after-free vulnerability allows a remote attacker, who has already compromised the browser's renderer process, to potentially perform a sandbox escape. This can occur when a user visits a specially crafted HTML page, leading to a more severe system compromise."], "name": "CVE-2026-6310", "public_date": "2026-04-15T19:04:53Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6310\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6310\nhttps://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html\nhttps://issues.chromium.org/issues/497969820"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,147.0.7727.101)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-17T08:22:13.387854+00:00", "value": {"mitigation_remediation": ["Upgrade to Google Chrome version 147.0.7727.101 or later to apply the vendor fix.", "If an immediate upgrade is not possible, enable Site Isolation and enforce strict renderer sandboxing to limit damage from a compromised renderer.", "Continuously monitor browser activity and security logs for indicators of exploitation and keep an up\u2011to\u2011date anti\u2011malware solution running."], "summary": {"action": "Patch immediately", "impact": "Sandbox escape via use-after-free"}, "threat_synthesis": {"affected_systems": "All desktop installations of Google Chrome up to and including version 147.0.7727.100 that use the Dawn rendering backend are affected. The issue is resolved in 147.0.7727.101 and later releases. No other platforms or product variants are listed as impacted.", "description_and_impact": "A use\u2011after\u2011free vulnerability in the Dawn graphics engine of Google Chrome allows an attacker who has already compromised the renderer process to free an object and subsequently use it after deallocation. This flaw can lead to a sandbox escape, enabling the attacker to execute code with the privileges of the browser process. The weakness is classified as CWE\u2011416 (Use After Free) and CWE\u2011825 (Resource Management Error).", "risk_and_exploitability": "Chromium rates the vulnerability with a CVSS score of 8.3, indicating high severity, while the EPSS score is reported as below 1\u202f%, suggesting a low likelihood of exploitation; the flaw is not listed in the CISA KEV catalog. The likely attack vector is a malicious web page that causes the renderer to be compromised; based on the description, it is inferred that an attacker first must gain control of the renderer process, for example via malicious content, before triggering the use\u2011after\u2011free to escape the sandbox. The prerequisite reduces overall exploitation likelihood, but a successful execution would give the attacker significant system privileges."}}}}, "created": "2026-04-15T22:00:06.469994+00:00", "updated": "2026-04-17T08:30:13.698216+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}