CVE-2026-5864
Heap Buffer Overflow in Chrome WebAudio Risks Data Leak
Publication date: 2026-04-08
Last updated on: 2026-04-14
Assigner: Chrome
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| google | chrome | to 147.0.7727.55 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page due to a heap buffer overflow in WebAudio in Google Chrome prior to version 147.0.7727.55.
Such unauthorized access to sensitive information could potentially lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require the protection of personal and sensitive data against unauthorized access.
Can you explain this vulnerability to me?
This vulnerability is a heap buffer overflow in the WebAudio component of Google Chrome versions prior to 147.0.7727.55. It allows a remote attacker to use a crafted HTML page to obtain potentially sensitive information from process memory.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive information held in the browser's process memory. This means an attacker could potentially steal private data by tricking a user into visiting a maliciously crafted web page.