Google EUVD-2026-23054

CVE-2026-6306 | HIGH | CVSS 3.1: 8.8
Heap-based Buffer Overflow (CWE-122)
2026-04-15 | Chrome

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Apr 17, 2026 - 15:22 (vuln.today): Re-analysis Queued (cvss_changed)
Apr 16, 2026 - 10:22 (vuln.today): Analysis Generated
Apr 16, 2026 - 10:22 (NVD): CVSS changed, 8.8 (HIGH)

Description (NVD)

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Analysis (AI)

Heap buffer overflow in Google Chrome's PDFium library (versions prior to 147.0.7727.101) enables remote code execution within the Chrome sandbox when a victim opens a malicious PDF file. Despite CVSS 8.8 severity, exploitation requires user interaction (opening a crafted PDF) and is confined to the sandbox, limiting system-level impact. …


Remediation (AI)

Within 24 hours: Identify Chrome deployment scope across endpoints using asset management tools and verify current version baseline. Within 7 days: Deploy Chrome 147.0.7727.101 or later via your enterprise update mechanism (Google Admin Console for managed devices, or manual update notification for unmanaged instances) and confirm deployment completion on at least 95% of endpoints. …
