{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6318", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-14T18:12:28.207Z", "datePublished": "2026-04-15T19:04:58.495Z", "dateUpdated": "2026-04-16T03:55:44.565Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.101", "status": "affected", "lessThan": "147.0.7727.101", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-15T19:04:58.495Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"}, {"url": "https://issues.chromium.org/issues/495996858"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-6318"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T03:55:44.565Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"}], "id": "CVE-2026-6318", "lastModified": "2026-04-15T20:16:42.020", "metrics": {}, "published": "2026-04-15T20:16:42.020", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/495996858"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Use after free in Codecs", "id": "2458773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458773"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["An use after free flaw was found in the Codecs component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=495996858"], "name": "CVE-2026-6318", "public_date": "2026-04-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6318\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6318\nhttps://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html\nhttps://issues.chromium.org/issues/495996858"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,147.0.7727.101)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-16T02:21:56.478322+00:00", "value": {"mitigation_remediation": ["Update to Chrome version 147.0.7727.101 or newer using the browser\u2019s auto\u2011update feature", "If a timely update is not possible, restrict the browser from loading external HTML content from untrusted domains by configuring network or firewall rules, or by using a browser extension that blocks unknown sites", "Until a patch is applied, enforce stricter content security policies to suppress the loading of untrusted scripts and prevent the HTML from executing code within the browser", "Consider disabling the Chromium video decoding extensions that consume the vulnerable codecs module, if the product configuration allows it"], "summary": {"action": "Patch Now", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Google Chrome versions earlier than 147.0.7727.101 are affected. The issue exists on all supported operating systems until the user updates to this release or a newer one.", "description_and_impact": "The vulnerability is a use\u2011after\u2011free flaw in the codecs component of Google Chrome that allows a maliciously crafted HTML page to trigger a memory error inside the browser process. This flaw, identified as CWE\u2011416, can lead to the execution of arbitrary code while the browser runs in its sandboxed environment and could compromise the confidentiality, integrity, and availability of the user\u2019s data. The issue is also classified as CWE\u2011825, indicating an additional weakness that may contribute to or compound the exploitability.", "risk_and_exploitability": "The likely attack vector is a remote web\u2011based delivery of a specially crafted HTML page. The CVSS score of 9.6 classifies this flaw as critical, and EPSS is not available, indicating uncertain but potentially low exploitation probability. The vulnerability offers a native code execution path that could be leveraged by an adversary to compromise the browser sandbox and potentially pivot to other system resources. KEV does not list this vulnerability. Although no current exploitation reports exist, the high severity warrants immediate mitigation."}}}}, "created": "2026-04-15T22:30:15.947132+00:00", "updated": "2026-04-16T02:30:21.682963+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}