CVE-2026-6305
Published: 15 April 2026
Summary
CVE-2026-6305 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Google Chrome. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 9.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and remediation of the heap buffer overflow flaw in PDFium via Chrome updates to 147.0.7727.101 or later.
Implements memory safeguards like address space layout randomization and data execution prevention to block arbitrary code execution from heap buffer overflows.
Deploys malicious code protection mechanisms to scan for and block crafted PDF files exploiting the PDFium vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap buffer overflow in Chrome PDF renderer enables arbitrary code execution when user opens crafted malicious PDF (T1203 Exploitation for Client Execution); delivery and trigger via user opening the file (T1204.002 Malicious File).
NVD Description
Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
Deeper analysisAI
CVE-2026-6305 is a heap buffer overflow vulnerability in the PDFium component of Google Chrome versions prior to 147.0.7727.101. PDFium, an open-source PDF rendering engine used by Chrome, mishandles certain inputs, leading to the overflow. The issue is classified under CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), rated as High severity by Chromium security.
A remote attacker can exploit this vulnerability by crafting a malicious PDF file and tricking a user into opening it in an affected Chrome browser. The attack requires user interaction, such as clicking a link or downloading and viewing the file, but no special privileges. Successful exploitation allows arbitrary code execution within Chrome's sandbox, potentially compromising the renderer process and enabling further attacks like data theft or persistence, though sandboxing limits broader system access.
Mitigation is addressed in the Chrome stable channel update announced on the Google Chrome Releases blog, which patches the issue in version 147.0.7727.101 and later. Security practitioners should advise users to update Chrome immediately via the built-in updater or enterprise management tools. Additional details are available in the Chromium issue tracker at issues.chromium.org/issues/496618639.
Details
- CWE(s)