CVE-2026-7346: Inappropriate implementation in Google Chrome
CVE-2026-7346 is a high-severity vulnerability in Google Chrome prior to version 147. 0. 7727. 138 involving an inappropriate implementation in the Tint component. This flaw allows a remote attacker to perform out-of-bounds memory access by delivering a crafted HTML page. The vulnerability affects desktop versions of Chrome and was publicly disclosed on April 28, 2026. There is no CVSS score available for this issue, and no explicit remediation level or patch status is provided in the available data. Google has published an advisory linked to the stable channel update for Chrome, which likely addresses this vulnerability.
AI Analysis
Technical Summary
The vulnerability CVE-2026-7346 concerns an inappropriate implementation in the Tint component of Google Chrome before version 147.0.7727.138. It enables a remote attacker to cause out-of-bounds memory access by crafting a malicious HTML page. This type of memory access issue can lead to potential security risks such as crashes or code execution, depending on exploitation. The vulnerability is classified with high severity by Chromium security. No CVSS score or detailed remediation status is provided in the data, but a vendor advisory URL points to a stable channel update that presumably includes a fix.
Potential Impact
The impact of this vulnerability is that a remote attacker can cause out-of-bounds memory access in affected versions of Google Chrome, which may lead to security issues such as application crashes or potentially arbitrary code execution. The severity is rated high by Chromium security, indicating a significant risk if exploited. There are no known exploits in the wild at the time of disclosure.
Mitigation Recommendations
Google has published a stable channel update for Chrome that likely addresses this vulnerability. Users should update their Chrome browsers to version 147.0.7727.138 or later to mitigate this issue. Patch status is not explicitly confirmed in the advisory, but given the nature of Chrome updates, the vendor manages remediation through browser updates. Check the official Google Chrome release blog for the latest update and ensure the browser is up to date.
CVE-2026-7346: Inappropriate implementation in Google Chrome
Description
CVE-2026-7346 is a high-severity vulnerability in Google Chrome prior to version 147. 0. 7727. 138 involving an inappropriate implementation in the Tint component. This flaw allows a remote attacker to perform out-of-bounds memory access by delivering a crafted HTML page. The vulnerability affects desktop versions of Chrome and was publicly disclosed on April 28, 2026. There is no CVSS score available for this issue, and no explicit remediation level or patch status is provided in the available data. Google has published an advisory linked to the stable channel update for Chrome, which likely addresses this vulnerability.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-7346 concerns an inappropriate implementation in the Tint component of Google Chrome before version 147.0.7727.138. It enables a remote attacker to cause out-of-bounds memory access by crafting a malicious HTML page. This type of memory access issue can lead to potential security risks such as crashes or code execution, depending on exploitation. The vulnerability is classified with high severity by Chromium security. No CVSS score or detailed remediation status is provided in the data, but a vendor advisory URL points to a stable channel update that presumably includes a fix.
Potential Impact
The impact of this vulnerability is that a remote attacker can cause out-of-bounds memory access in affected versions of Google Chrome, which may lead to security issues such as application crashes or potentially arbitrary code execution. The severity is rated high by Chromium security, indicating a significant risk if exploited. There are no known exploits in the wild at the time of disclosure.
Mitigation Recommendations
Google has published a stable channel update for Chrome that likely addresses this vulnerability. Users should update their Chrome browsers to version 147.0.7727.138 or later to mitigate this issue. Patch status is not explicitly confirmed in the advisory, but given the nature of Chrome updates, the vendor manages remediation through browser updates. Check the official Google Chrome release blog for the latest update and ensure the browser is up to date.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-04-28T20:02:40.077Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html","vendor":"Google"}]
Threat ID: 69f13d73cbff5d8610e3554e
Added to database: 4/28/2026, 11:06:27 PM
Last enriched: 4/28/2026, 11:22:38 PM
Last updated: 4/29/2026, 12:18:30 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.