Use After Free Vulnerability in Graphite in Google Chrome
CVE-2026-6304

8.3HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-6304?

An issue in the Graphite component of Google Chrome allows remote attackers to potentially perform a sandbox escape through a crafted HTML page. This occurs due to improper memory management leading to a use after free condition. When the renderer process is compromised, the attacker can exploit this vulnerability to gain unauthorized access and execute malicious actions within the user's environment.

Affected Version(s)

Chrome 147.0.7727.101

References

https://chromereleases.googleblog.com/2026/04/stable-chan...

https://issues.chromium.org/issues/496393742

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Apr 14, 2026

CVE-2026-6304 Data

JSON