{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6919", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-23T16:11:29.677Z", "datePublished": "2026-04-23T16:12:22.841Z", "dateUpdated": "2026-04-24T13:37:36.823Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.117", "status": "affected", "lessThan": "147.0.7727.117", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-23T16:12:22.841Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html"}, {"url": "https://issues.chromium.org/issues/493652473"}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-24T03:55:30.566874Z", "id": "CVE-2026-6919", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T13:37:36.823Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-6919", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-24T03:55:30.566874Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T13:37:33.518Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "147.0.7727.117", "lessThan": "147.0.7727.117", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html"}, {"url": "https://issues.chromium.org/issues/493652473"}], "descriptions": [{"lang": "en", "value": "Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "Use after free"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-23T16:12:22.841Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6919", "state": "PUBLISHED", "dateUpdated": "2026-04-24T13:37:36.823Z", "dateReserved": "2026-04-23T16:11:29.677Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-04-23T16:12:22.841Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB75176F-0FDC-47BF-A48D-D5F26FACD347", "versionEndExcluding": "147.0.7727.116", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-6919", "lastModified": "2026-04-24T16:39:50.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-23T18:16:30.520", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Release Notes"], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Vendor Advisory", "Permissions Required"], "url": "https://issues.chromium.org/issues/493652473"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Secondary"}]}

{"bugzilla": {"description": "Google Chrome: Chromium: chromium-browser: Use after free in DevTools", "id": "2461225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461225"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["An use after free flaw was found in the DevTools component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=493652473"], "name": "CVE-2026-6919", "public_date": "2026-04-23T16:12:22Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6919\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6919\nhttps://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html\nhttps://issues.chromium.org/issues/493652473"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,147.0.7727.117)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-28T14:50:24.987297+00:00", "value": {"mitigation_remediation": ["Upgrade Google Chrome to version 147.0.7727.117 or later to apply the use\u2011after\u2011free fix.", "If an upgrade is not feasible, disable or restrict DevTools usage when loading untrusted content.", "Regularly keep Chrome installations up to date and monitor for exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "Sandbox escape potentially leading to remote code execution"}, "threat_synthesis": {"affected_systems": "Google Chrome versions earlier than 147.0.7727.117 are affected. The flaw applies to all platforms where Chrome is installed, including Windows, macOS, Linux, and mobile devices running Android. Any system running a vulnerable Chrome build is susceptible if an attacker can supply a crafted HTML page to the user\u2019s browser.", "description_and_impact": "A use\u2011after\u2011free flaw in Chrome\u2019s DevTools permits a remote attacker who has already compromised the renderer process to craft a malicious HTML page that can trigger a sandbox escape. This vulnerability enables the attacker to break out of the renderer sandbox and potentially execute arbitrary code with host system privileges. The flaw is classified as high severity with a CVSS score of 9.6 and is identified as CWE\u2011416.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 9.6, indicating a high exploitation risk, while the EPSS score is below 1\u202f%, suggesting a relatively low current exploitation probability. The flaw is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, relying on a crafted HTML page that a user may view in Chrome. Once the attacker delivers the malicious content and compromises the renderer, the use\u2011after\u2011free can be leveraged to escape the sandbox. Successful exploitation would grant the attacker significant privileges, potentially enabling full system compromise."}}}}, "created": "2026-04-27T21:30:13.617410+00:00", "title": "Use\u2011After\u2011Free in DevTools Enables Sandbox Escape in Chrome", "updated": "2026-04-28T15:00:14.508277+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}