Home / Vulnerability Intelligence / CVE-2026-6920

CVE-2026-6920 - Vulnerability Analysis

CriticalCVSS: 9.6

Last Updated: April 24, 2026

Google Chrome - Sandbox Escape

Published: April 23, 2026Updated: April 24, 2026Remote Exploitable

Overview

Google Chrome on Android < 147.0.7727.117 contains an out of bounds read in GPU caused by improper memory handling, letting remote attackers with compromised renderer process potentially escape sandbox via crafted HTML page.

Severity & Score

Severity: Critical

CVSS Score: 9.6

EPSS Score: 8.0%(Probability of exploitation in next 30 days)

Impact

Remote attackers with renderer compromise can escape sandbox, leading to potential full system compromise.

Mitigation

Update to version 147.0.7727.117 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 23, 2026

🟠 CVE-2026-6920 - High (7.5) Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6920/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-6920
Severity: Critical
CVSS Score: 9.6
Type: out_of_bounds_rw
Status: confirmed
EPSS: 8.0%
Social Posts: 1

CWE

CWE-125

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

8.0%Probability of exploitation in the next 30 days