cve 2026-6359

CVE-2026-6359 is a use-after-free vulnerability in the Video component of Chrome, disclosed in April 2026. The flaw was addressed in Chrome 147.0.7727.101/102 for Windows and Mac, and 147.0.7727.101 for Linux. Microsoft also released updates for downstream Windows and Edge users. The vulnerability allows a remote attacker who has already compromised the renderer process to trigger out-of-bounds memory access via a crafted HTML page, posing risks beyond a simple crash. Discussions on WindowsForum highlight the urgency of applying these browser updates to mitigate potential exploitation.