Google Chrome Sandbox Bypass through Skia Integer Overflow

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Google Chrome Sandbox Bypass through Skia Integer Overflow

CVE-2026-5870

Summary

A security vulnerability in Google Chrome's Skia library could allow an attacker to bypass the browser's sandbox and execute malicious code. This could allow an attacker to steal sensitive information or take control of a user's device. Users should update to the latest version of Google Chrome to fix this issue.

Original title

Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Original description

Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vulnerability type

CWE-472

Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026