{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6921", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-23T16:11:31.076Z", "datePublished": "2026-04-23T16:12:24.489Z", "dateUpdated": "2026-04-24T13:38:08.991Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.117", "status": "affected", "lessThan": "147.0.7727.117", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Race", "cweId": "CWE-362"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-23T16:12:24.489Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html"}, {"url": "https://issues.chromium.org/issues/493315759"}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-24T03:55:31.693261Z", "id": "CVE-2026-6921", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T13:38:08.991Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-6921", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-24T03:55:31.693261Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T17:34:17.239Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "147.0.7727.117", "lessThan": "147.0.7727.117", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html"}, {"url": "https://issues.chromium.org/issues/493315759"}], "descriptions": [{"lang": "en", "value": "Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-362", "description": "Race"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-23T16:12:24.489Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6921", "state": "PUBLISHED", "dateUpdated": "2026-04-24T13:38:08.991Z", "dateReserved": "2026-04-23T16:11:31.076Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-04-23T16:12:24.489Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB75176F-0FDC-47BF-A48D-D5F26FACD347", "versionEndExcluding": "147.0.7727.116", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)"}], "id": "CVE-2026-6921", "lastModified": "2026-04-24T16:39:30.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-23T18:16:30.790", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Release Notes"], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://issues.chromium.org/issues/493315759"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{"bugzilla": {"description": "Google Chrome: Chromium: chromium-browser: Race in GPU", "id": "2461223", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461223"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-368", "details": ["A race flaw was found in the GPU component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=493315759"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-6921", "public_date": "2026-04-23T16:12:24Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6921\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6921\nhttps://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html\nhttps://issues.chromium.org/issues/493315759"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.117,147.0.7727.117)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-29T02:20:37.375410+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 147.0.7727.117 or newer.", "If an immediate update is not possible, disable hardware acceleration through Chrome settings or the Windows Policy \u201cDisableHardwareAcceleration\u201d.", "Monitor browser traffic for unusually large or suspicious video file downloads and block them as part of a broader security policy."], "summary": {"action": "Patch Now", "impact": "Remote sandbox escape via GPU race condition"}, "threat_synthesis": {"affected_systems": "Google Chrome on Windows, versions prior to 147.0.7727.117. The issue is limited to the Windows build of Chrome; no affected versions are listed for Android or Linux kernels in the current advisory.", "description_and_impact": "The vulnerability is a race condition in the graphics processing unit handling within Google Chrome on Windows. A crafted video file can trigger the race, allowing a remote attacker to escape the browser sandbox and potentially execute arbitrary code at the host system level. The weakness is classified as CWE\u2011362 and CWE\u2011368 and can compromise confidentiality, integrity, and availability by granting the attacker unrestricted access to the operating system.", "risk_and_exploitability": "The CVSS score of 8.3 indicates high severity, yet the EPSS score of less than 1% suggests a low probability of exploitation at this time. The vulnerability is not listed in CISA KEV. Exploitation would likely involve an attacker delivering a malicious video file to a user\u2019s browser, a method that requires user interaction but can be piggybacked on phishing or drive\u2011by situations. Given the low EPSS, the risk remains moderate under current conditions, but the potential impact warrants timely action."}}}}, "created": "2026-04-27T23:30:15.326437+00:00", "title": "GPU Race Condition Allowing Sandbox Escape in Chrome", "updated": "2026-04-29T02:30:07.572501+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}