CVE-2026-6361 Google CVE debrief

Who should care

Organizations with Windows endpoints running Google Chrome, particularly those handling untrusted PDF content. Security teams responsible for browser security posture and patch management. Incident response teams monitoring for browser-based exploitation attempts.

Technical summary

The vulnerability exists in PDFium, Chrome's open-source PDF rendering library. A heap-based buffer overflow can be triggered when processing a maliciously crafted PDF document, requiring the user to perform specific UI interactions. The overflow occurs in heap memory, potentially allowing an attacker to corrupt memory structures and achieve code execution. Chrome's multi-process architecture and sandboxing confine the execution to the renderer process, limiting but not eliminating the security impact. The attack complexity is rated as high due to the required UI gesture component.

Defensive priority

HIGH

Recommended defensive actions

• Update Google Chrome on Windows to version 147.0.7727.101 or later to remediate this vulnerability.
• Consider implementing application control policies to restrict execution of untrusted PDF files in Chrome until updates can be deployed.
• Monitor for suspicious PDF attachments in email and web content that may attempt to exploit this vulnerability.
• Enable Chrome's site isolation features and ensure sandboxing remains active to contain potential exploitation attempts.
• Review endpoint detection and response (EDR) configurations for detection of heap corruption indicators in Chrome processes.

Evidence notes

CVE description confirms heap buffer overflow in PDFium component. CVSS 8.3 (High) with attack vector requiring network access, high attack complexity, no privileges required, and user interaction. Affected versions confirmed as Chrome on Windows prior to 147.0.7727.101 via vendor advisory. CWE-122 (Heap-based Buffer Overflow) identified as primary weakness.

Official resources