{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7363", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-28T20:22:29.721Z", "datePublished": "2026-04-28T22:35:53.191Z", "dateUpdated": "2026-04-28T22:35:53.191Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.138", "status": "affected", "lessThan": "147.0.7727.138", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-28T22:35:53.191Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"url": "https://issues.chromium.org/issues/494352590"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)"}], "id": "CVE-2026-7363", "lastModified": "2026-04-28T23:16:23.773", "metrics": {}, "published": "2026-04-28T23:16:23.773", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/494352590"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.138,147.0.7727.138)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-29T01:13:39.115635+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 147.0.7727.138 or later as published by Google.", "Restart all Chrome processes to ensure the new binary is loaded and the vulnerability is mitigated.", "As a temporary measure, launch Chrome with the flag --disable-gpu or use a policy to disable canvas rendering until the patch is applied."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Google Chrome on Linux and ChromeOS systems using versions earlier than 147.0.7727.138 are affected. The Canvas feature in these versions contains the vulnerable memory handling bug. No other products are listed as affected.", "description_and_impact": "A use\u2011after\u2011free flaw exists in the Canvas implementation of Google Chrome on Linux and ChromeOS versions prior to 147.0.7727.138. The vulnerability permits a remote attacker to craft a malicious HTML page that, when opened by a victim, causes the browser to execute arbitrary code inside its sandboxed rendering process. The flaw is classified by Chromium as Critical and is identified as CWE-416. The attacker can potentially redirect execution flow to injected code, thereby compromising the sandboxed context of the browser.", "risk_and_exploitability": "The EPSS score is not available, and the vulnerability has not been listed in CISA's KEV catalog. However, the Critical severity designation from Chromium indicates a high likelihood of exploitation in the wild. The attack vector is remote, relying on a crafted HTML page that a user can be induced to open, such as via a malicious website or phishing email. Once triggered, the flaw allows execution of arbitrary code within the browser's sandbox, providing a foothold for further attacks."}}}}, "created": "2026-04-29T00:45:25.884070+00:00", "title": "Canvas Use\u2011After\u2011Free Enables Code Execution on Linux & ChromeOS", "updated": "2026-04-29T01:15:44.716026+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}