CVE-2026-6920

· NIST NVD ↗

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CRITICAL
CVSS severity
9.6
CVSS base score
2026-04-23
Published

CWE codes

CWE-125

Affected products

google:chromegoogle:androidlinux:linux_kernelmicrosoft:windows

Sources