{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7354", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-28T20:02:45.328Z", "datePublished": "2026-04-28T22:35:58.451Z", "dateUpdated": "2026-04-28T22:35:58.451Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.138", "status": "affected", "lessThan": "147.0.7727.138", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out of bounds read and write"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-28T22:35:58.451Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"url": "https://issues.chromium.org/issues/498746519"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-7354", "lastModified": "2026-04-28T23:16:22.977", "metrics": {}, "published": "2026-04-28T23:16:22.977", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/498746519"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,147.0.7727.138)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-29T01:08:43.228502+00:00", "value": {"mitigation_remediation": ["Upgrade Google Chrome to version 147.0.7727.138 or later to apply the vendor patch.", "Verify that the browser sandbox is enabled and that Chrome runs with its default sandboxed configuration.", "Maintain regular updates to Chrome and monitor for additional security advisories to ensure continued protection."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Google Chrome browsers that are older than version 147.0.7727.138 are vulnerable. The issue affects all platforms that ship with Chrome containing the old Angle engine, including Windows, macOS, Linux, Android, and iOS.", "description_and_impact": "An out-of-bounds read and write flaw exists in the Angle graphics engine used by Google Chrome. The vulnerability can be triggered by a specially crafted HTML page and may allow a remote attacker to escape the browser sandbox. If successful, the attacker could execute arbitrary code outside the browser process, compromising the host system's confidentiality and integrity.", "risk_and_exploitability": "The CVSS severity is high, and the vulnerability is exploitable without the need for additional privileges. No EPSS data is available, and the issue is not currently listed in the CISA KEV catalog. Attackers can exploit the flaw by serving a malicious web page to a user running an affected Chrome browser. Because the flaw can lead to a sandbox escape, the impact is significant for both enterprise and consumer users."}}}}, "created": "2026-04-29T01:00:10.589324+00:00", "title": "Chrome Angle Engine Out-of-Bounds Read/Write Enables Sandbox Escape", "updated": "2026-04-29T01:15:44.710152+00:00", "vendors": ["google", "google$PRODUCT$chrome"], "weaknesses": ["CWE-787", "CWE-788"]}