Cyber Resilience

CVE-2026-6305

High

Published: 15 April 2026

Published
15 April 2026
Modified
27 May 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0034 25.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-6305 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Google Chrome. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 25.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-6305 is a heap buffer overflow vulnerability in the PDFium component of Google Chrome versions prior to 147.0.7727.101. PDFium, an open-source PDF rendering engine used by Chrome, mishandles certain inputs, leading to the overflow. The issue is classified under CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), rated as High severity by Chromium security.

A remote attacker can exploit this vulnerability by crafting a malicious PDF file and tricking a user into opening it in an affected Chrome browser. The attack requires user interaction, such as clicking a link or downloading and viewing the file, but no special privileges. Successful exploitation allows arbitrary code execution within Chrome's sandbox, potentially compromising the renderer process and enabling further attacks like data theft or persistence, though sandboxing limits broader system access.

Mitigation is addressed in the Chrome stable channel update announced on the Google Chrome Releases blog, which patches the issue in version 147.0.7727.101 and later. Security practitioners should advise users to update Chrome immediately via the built-in updater or enterprise management tools. Additional details are available in the Chromium issue tracker at issues.chromium.org/issues/496618639.

EU & UK References

Vulnerability details

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Heap buffer overflow in Chrome PDF renderer enables arbitrary code execution when user opens crafted malicious PDF (T1203 Exploitation for Client Execution); delivery and trigger via user opening the file (T1204.002 Malicious File).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-4455Same product: Apple Macos
CVE-2026-6306Same product: Apple Macos
CVE-2026-2314Same product: Apple Macos
CVE-2026-3544Same product: Apple Macos
CVE-2026-3931Same product: Apple Macos
CVE-2026-3913Same product: Apple Macos
CVE-2026-1861Same product: Apple Macos
CVE-2026-4673Same product: Apple Macos
CVE-2026-4675Same product: Apple Macos
CVE-2026-5272Same product: Apple Macos

Affected Assets

google
chrome
≤ 147.0.7727.101

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and remediation of the heap buffer overflow flaw in PDFium via Chrome updates to 147.0.7727.101 or later.

prevent

Implements memory safeguards like address space layout randomization and data execution prevention to block arbitrary code execution from heap buffer overflows.

preventdetect

Deploys malicious code protection mechanisms to scan for and block crafted PDF files exploiting the PDFium vulnerability.

References