{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7346", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-28T20:02:40.077Z", "datePublished": "2026-04-28T22:36:05.971Z", "dateUpdated": "2026-04-29T12:58:52.150Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.138", "status": "affected", "lessThan": "147.0.7727.138", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Inappropriate implementation"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-28T22:36:05.971Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"url": "https://issues.chromium.org/issues/502206907"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-29T12:58:49.388184Z", "id": "CVE-2026-7346", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-29T12:58:52.150Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-7346", "lastModified": "2026-04-29T13:16:54.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-28T23:16:22.190", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/502206907"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "chromium-browser: Inappropriate implementation in Tint", "id": "2463686", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463686"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-131", "details": ["An inappropriate implementation flaw was found in the Tint component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=502206907"], "name": "CVE-2026-7346", "public_date": "2026-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-7346\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-7346\nhttps://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html\nhttps://issues.chromium.org/issues/502206907"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.138,147.0.7727.138)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-29T01:04:55.962279+00:00", "value": {"mitigation_remediation": ["Upgrade Google Chrome to version 147.0.7727.138 or later", "Restart any instances of Chrome after the update to ensure the vulnerable component is unloaded", "Disable or limit JavaScript execution in untrusted web content until a patch is applied"], "summary": {"action": "Patch Now", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The flaw exists in Google Chrome versions released prior to 147.0.7727.138 on all supported operating systems. Users running Chrome 147.0.7727.137 or earlier are affected, regardless of platform.", "description_and_impact": "Chrome\u2019s Tint rendering engine contains an inappropriate bounds check that enables a remote attacker to trigger an out\u2011of\u2011bounds memory access via a specially crafted HTML page. This flaw can overwrite or read arbitrary memory, potentially allowing an attacker to execute arbitrary code on the client\u2019s machine. The vulnerability has been graded as a high\u2011severity issue by Chromium security teams.", "risk_and_exploitability": "The vulnerability is exploitable from a web page, making it a classic drive\u2011by attack vector. No EPSS score is available, but the high\u2011severity rating and lack of mitigation mean a motivated attacker could likely succeed against any user who opens the crafted page. The vulnerability is not currently listed in CISA\u2019s KEV catalog, but its potential for remote code execution warrants immediate attention."}}}}, "created": "2026-04-29T00:30:15.865308+00:00", "title": "Out\u2011of\u2011Bounds Memory Access in Chrome Tint Rendering Engine", "updated": "2026-04-29T01:15:44.707828+00:00", "vendors": ["google", "google$PRODUCT$chrome"], "weaknesses": ["CWE-122"]}