skia heap overflow
About this tag
The tag skia heap overflow covers a critical heap buffer overflow vulnerability in the Skia graphics engine, tracked as CVE-2026-6298. This flaw was patched in Chrome 147.0.7727.101/102 on April 15, 2026, and subsequently surfaced by Microsoft in its Security Update Guide. The vulnerability allows a remote attacker to obtain sensitive information from process memory by tricking a victim into loading a crafted HTML page. It highlights how memory-safety issues in shared subsystems like Skia can rapidly propagate across the Chromium ecosystem, affecting browsers such as Chrome and Edge. Users should ensure their browsers are updated to the latest patched versions to mitigate risk.
Chromium’s CVE-2026-6298 is a Critical heap buffer overflow in Skia that Google patched in Chrome 147.0.7727.101/102 on April 15, 2026, and Microsoft is now surfacing the same issue in its Security Update Guide for downstream visibility. The public description says a remote attacker could...