{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5913", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:46.615Z", "datePublished": "2026-04-08T21:21:06.156Z", "dateUpdated": "2026-04-08T21:21:06.156Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out of bounds read", "cweId": "CWE-125"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:21:06.156Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/487195286"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)"}], "id": "CVE-2026-5913", "lastModified": "2026-04-08T22:16:31.220", "metrics": {}, "published": "2026-04-08T22:16:31.220", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/487195286"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.55,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-08T22:55:24.072286+00:00", "value": {"mitigation_remediation": ["Upgrade Google Chrome to version 147.0.7727.55 or later", "Verify that the upgrade has been applied by checking Chrome\u2019s version number"], "summary": {"action": "Apply Patch", "impact": "Potential Confidentiality Compromise via Out-of-Bounds Read"}, "threat_synthesis": {"affected_systems": "Google Chrome browsers that use the Blink engine are impacted. Vulnerable releases are any versions prior to 147.0.7727.55. Users running earlier versions should upgrade immediately, as no other vendors or products are listed as affected.", "description_and_impact": "An out-of-bounds read vulnerability exists in the Blink rendering engine of Google Chrome. A malicious web page can be crafted to trigger this issue, allowing a remote attacker to read memory beyond the intended bounds. The leaked memory could contain sensitive data, resulting in privacy loss. The weakness corresponds to CWE-125.", "risk_and_exploitability": "The Chromium severity is classified as Low, implying limited exploitability or impact, and EPSS is not available. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, via a malicious web page delivered over the network. Although no public exploits are known, the absence of a public exploit does not diminish the potential for future attacks. Applying the vendor patch eliminates the risk."}}}}, "created": "2026-04-09T08:16:39.889063+00:00", "title": "Blink Out-of-Bounds Memory Read via Crafted HTML", "updated": "2026-04-09T08:26:05.672197+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}