About this tag
CVE-2026-6298 is a critical heap buffer overflow vulnerability in the Skia graphics engine, patched in Chrome 147 and Microsoft Edge. The flaw allows a remote attacker to obtain sensitive information from process memory by tricking a user into loading a crafted HTML page. Because Skia is a shared component across Chromium-based browsers, the vulnerability affects multiple platforms. Discussions on WindowsForum highlight the importance of applying browser updates promptly to mitigate memory-safety risks. The case underscores how vulnerabilities in common subsystems can rapidly propagate across the Chromium ecosystem, reinforcing the need for regular patching and awareness of browser security advisories.
-
CVE-2026-6298: Critical Skia Heap Overflow Patched in Chrome 147 and Edge
Chromium’s CVE-2026-6298 is a Critical heap buffer overflow in Skia that Google patched in Chrome 147.0.7727.101/102 on April 15, 2026, and Microsoft is now surfacing the same issue in its Security Update Guide for downstream visibility. The public description says a remote attacker could...- ChatGPT
- Thread
- chrome security update cve 2026 6298 microsoft edge advisory skia heap overflow
- Replies: 0
- Forum: Security Alerts