{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7359", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-28T20:02:47.674Z", "datePublished": "2026-04-28T22:35:56.218Z", "dateUpdated": "2026-04-28T22:35:56.218Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.138", "status": "affected", "lessThan": "147.0.7727.138", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-28T22:35:56.218Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"url": "https://issues.chromium.org/issues/496284494"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-7359", "lastModified": "2026-04-28T23:16:23.470", "metrics": {}, "published": "2026-04-28T23:16:23.470", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/496284494"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Use after free in ANGLE", "id": "2463670", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463670"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["An use after free flaw was found in the ANGLE component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=496284494"], "name": "CVE-2026-7359", "public_date": "2026-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-7359\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-7359\nhttps://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html\nhttps://issues.chromium.org/issues/496284494"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.138,147.0.7727.138)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-29T01:10:42.748343+00:00", "value": {"mitigation_remediation": ["Install the latest Chrome update that includes the ANGLE patch (version\u00a0147.0.7727.138 or later).", "Restrict access to untrusted web content by running Chrome inside a virtual machine or container that limits renderer privileges.", "Keep the host operating system and security updates current to minimize the risk of a prior renderer compromise that could be leveraged against this flaw."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution via Sandbox Escape"}, "threat_synthesis": {"affected_systems": "Google Chrome versions earlier than 147.0.7727.138 are affected. Only Chrome users on these older stable channel releases are impacted.", "description_and_impact": "Use after free in ANGLE within Google Chrome before version\u00a0147.0.7727.138 allows a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox by loading a crafted HTML page. This vulnerability can lead to arbitrary code execution that breaks out of the browser environment, granting the attacker access to system resources and data.", "risk_and_exploitability": "The Chromium severity is marked High. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to first gain control of the renderer process, which limits the attack surface. Consequently, while the potential impact is severe, the likelihood of a successful attack is moderate to low without a prior renderer compromise."}}}}, "created": "2026-04-29T00:45:25.883114+00:00", "title": "Use after free in ANGLE allows sandbox escape in Chrome renderer", "updated": "2026-04-29T01:15:44.712273+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}