{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5864", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:33.171Z", "datePublished": "2026-04-08T21:20:41.982Z", "dateUpdated": "2026-04-08T21:20:41.982Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Heap buffer overflow", "cweId": "CWE-122"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:41.982Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/490642831"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-5864", "lastModified": "2026-04-08T22:16:25.907", "metrics": {}, "published": "2026-04-08T22:16:25.907", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/490642831"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.55,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-08T22:50:12.534543+00:00", "value": {"mitigation_remediation": ["Apply the latest Google Chrome update (147.0.7727.55 or newer).", "Verify that the installed Chrome version meets or exceeds the patched version.", "Avoid visiting untrusted web pages until the update is applied."], "summary": {"action": "Immediate Patch", "impact": "Remote Information Disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all installations of Google Chrome with versions prior to 147.0.7727.55. Users operating these older releases are vulnerable to memory disclosure if they load a malicious page. Newer releases, beginning with 147.0.7727.55, contain the fix that blocks the overflow.", "description_and_impact": "A heap buffer overflow exists in the WebAudio component of Google Chrome versions older than 147.0.7727.55. The flaw permits a remote attacker, through a crafted webpage, to read data from the browser process memory and exfiltrate potentially sensitive information. The weakness corresponds to unchecked bounds in a heap buffer, classified as CWE\u2011122, and the Chromium project rates the vulnerability as high severity.", "risk_and_exploitability": "The vulnerability is remote, triggered by opening a malicious HTML document in the browser. While no EPSS score is available and it is not listed in the CISA KEV catalog, the high severity rating and the nature of the flaw suggest that exploitation is feasible with a crafted payload. Administrators should treat it as a significant risk until the preset update is installed, after which the risk is mitigated."}}}}, "created": "2026-04-09T08:17:38.558227+00:00", "title": "Heap Buffer Overflow in Chrome WebAudio Allows Remote Information Disclosure", "updated": "2026-04-09T08:27:02.056478+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}