{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6306", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-14T18:12:23.161Z", "datePublished": "2026-04-15T19:04:51.372Z", "dateUpdated": "2026-04-15T19:04:51.372Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.101", "status": "affected", "lessThan": "147.0.7727.101", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Heap buffer overflow", "cweId": "CWE-122"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-15T19:04:51.372Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"}, {"url": "https://issues.chromium.org/issues/496907110"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)"}], "id": "CVE-2026-6306", "lastModified": "2026-04-15T20:16:39.883", "metrics": {}, "published": "2026-04-15T20:16:39.883", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/496907110"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.101,147.0.7727.101)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-15T22:02:23.838649+00:00", "value": {"mitigation_remediation": ["Upgrade Google Chrome to version 147.0.7727.101 or newer. ", "Disable or restrict automatic opening of PDF files from untrusted sources. ", "Monitor users for anomalous activity such as unexpected browser crashes or unexpected processes."], "summary": {"action": "Update Chrome", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Google Chrome browsers prior to version 147.0.7727.101 are affected. The issue is limited to the PDFium rendering engine used for processing PDF files within the Chrome browser.", "description_and_impact": "A heap buffer overflow exists in the PDF rendering component of Google Chrome that allows a remote attacker to execute arbitrary code inside the browser sandbox by delivering a specially crafted PDF file. The vulnerability is identified as a classic CWE-122 error and carries a Chromium severity of High.", "risk_and_exploitability": "The flaw can be triggered by a PDF file that an untrusted user opens in Chrome, which can lead to arbitrary code execution with at least the privileges of the sandboxed browser process. No publicly available exploit code is yet reported, and the vulnerability is not listed in the CISA KEV catalog. The risk remains high due to the local file-based nature of the trigger and the ability to run arbitrary code within the sandbox."}}}}, "created": "2026-04-15T22:15:15.705651+00:00", "title": "PDFium Heap Buffer Overflow Allows Arbitrary Code Execution", "updated": "2026-04-15T23:30:17.124507+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}