Google and Microsoft disclosed CVE-2026-7949 on May 6, 2026, a medium‑severity Chromium vulnerability in the Skia graphics library that permits cross‑origin data leaks when attacker‑controlled code executes inside a browser extension’s content script context. The flaw—rated with a CVSSv3.1 score of 6.5—affects Google Chrome before version 148.0.7778.96 and Microsoft Edge before version 148.0.2778.67, and it underscores the persistent risks that browser extensions introduce even in modern, sandbox‑hardened rendering engines.
What is CVE‑2026‑7949?
At its core, CVE‑2026‑7949 is a use‑after‑free bug inside Skia’s GPU‑accelerated path rendering. Skia is the 2D graphics library that underpins Chrome, Edge, and many other Chromium‑based browsers. It handles everything from webpage text and images to WebGL animations. The vulnerability arises when a crafted series of drawing operations causes Skia to retain a dangling pointer to a freed GPU buffer. An attacker who already has code execution inside the renderer process—for example, via a compromised extension content script—can exploit this memory corruption to read heap data that should be isolated to a different origin.
Unlike typical renderer bugs that require a full site compromise, this one is uniquely dangerous because extensions run with elevated privileges. Content scripts injected by extensions can access pages from multiple origins, and the Skia flaw provides a side channel that lets an attacker leak sensitive cross‑origin data by observing what remains in the freed GPU buffer after a drawing operation completes. The Chromium team confirmed the bug was introduced in the Dawn graphics backend refactor that shipped with Chrome 140, and it persisted through all subsequent releases until the patch landed on May 6.
The Cross‑Origin Data Leak Mechanism
Browser extensions that use content scripts are allowed to read and modify the DOM of web pages under specific declared permissions. However, the same‑origin policy normally prevents one origin’s scripts from peering into another origin’s memory spaces. CVE‑2026‑7949 breaks that boundary. When a content script injected into example.com triggers a Skia drawing operation that frees a buffer, the use‑after‑free condition preserves data from previously rendered content—potentially including tokens, cookies, or private information belonging to bank.com that the browser had drawn earlier in the same renderer process.
Site isolation (strict‑origin isolation) should confine such data, but extensions often share a renderer process with multiple tabs when process‑per‑site policies are relaxed to reduce memory overhead. A malicious extension can leverage the timing of GPU buffer allocations and deallocations to extract fine‑grained secrets. Google’s advisory notes that exploitation requires the attacker to already have code running inside the renderer—a condition met by any extension that obtains the <all_urls> host permission or that has been compromised through a supply‑chain attack. Once the buffer is leaked, the attacker can reconstruct sensitive information byte by byte using the typographic or color‑sampling side channels that this class of Skia bugs enables.
Affected Browsers and Patch Timeline
CVE‑2026‑7949 affects all Chromium‑based browsers that shipped before May 6, 2026. Google released Chrome 148.0.7778.96 for Windows, macOS, and Linux through the Stable channel on May 6, simultaneously with a security advisory that credited an anonymous researcher and the Chrome FRB (Fuzzing and Research Bench) team. The update also includes fixes for four other high‑severity renderer flaws, but none tied so directly to extension‑based exploitation.
Microsoft followed with Edge 148.0.2778.67 later the same day. The Microsoft Security Response Center (MSRC) assigned the same CVE identifier and mirrored the advisory, adding that enterprise customers using Group Policy for browser updates would receive the patch automatically. Both vendors emphasized that the vulnerability cannot be triggered through normal website visits; the presence of a malicious or compromised extension is a prerequisite. Still, with over 200,000 extensions in the Chrome Web Store and hundreds of millions of active browser extensions, the attack surface is vast.
Why Extensions Are a Prime Attack Vector
Extensions sit at a dangerous intersection between user‑granted trust and broad API access. To provide useful features—ad blocking, password management, screen capture—many extensions request the activeTab, storage, or even <all_urls> permission. Once installed, a content script from an extension can run on every page the user visits, seeing form inputs, authentication tokens, and private messages. This power makes extensions the perfect delivery vehicle for the renderer‑side code that CVE‑2026‑7949 needs.
The worry is not limited to overtly malicious extensions. A seemingly benign extension can be sold to a new owner who pushes a tampered update. In 2025 alone, Chrome Web Store detected and removed over 34,000 extensions that violated its policies, many after amassing millions of users. CVE‑2026‑7949 could have been packaged inside a legitimate‑looking ad blocker or coupon finder, stealing Google account tokens or banking session cookies with no outward sign of compromise. Because the leak happens inside the renderer and relies on GPU buffer remnants, traditional network‑based detection tools see nothing anomalous.
Real‑World Implications
The impact of a successful cross‑origin data leak ripples outward. An attacker could:
- Steal OAuth tokens from authentication flows, gaining persistent access to cloud services.
- Exfiltrate session cookies for financial platforms, bypassing multi‑factor authentication.
- Read in‑transit credit card numbers entered on an e‑commerce site while the extension pretends to fill a coupon.
- Harvest corporate documents from web‑based office suites, exposing confidential enterprise data.
Because the bug operates at the graphics layer, it is platform‑agnostic. Windows, macOS, and Linux users are equally vulnerable. Furthermore, enterprise environments that mandate browser extensions for security or productivity are at heightened risk: a single compromised endpoint extension could leak data from all other tabs opened by that employee, including internal tools and dashboards.
Mitigation and Best Practices
Both Google and Microsoft stress that the primary mitigation is simply updating the browser. The patches close the memory management flaw, preventing the dangling pointer from being exploited even if an extension runs untrusted code. Chrome and Edge users can check their version by navigating to chrome://settings/help or edge://settings/help and should see version 148.0.7778.96 or higher in Chrome, or 148.0.2778.67 or higher in Edge. Enterprise IT teams should push the update through their software distribution tools immediately and verify that all managed browsers are current.
Beyond patching, several defensive measures can reduce exposure:
- Audit installed extensions. Remove any that you do not recognize or that ask for excessively broad permissions. In Chrome, visit chrome://extensions; in Edge, edge://extensions.
- Enforce extension blocklists. Use Group Policy or Intune to allow only vetted extensions in corporate environments.
- Enable Enhanced Security Mode. In Chrome’s settings, turn on “Enhanced protection” under Privacy and Security; in Edge, enable “Enhance your security on the web.” These modes apply additional sandboxing that can limit cross‑origin renderer interactions.
- Restrict extension installation sources. Prevent sideloading and allow installation only from the official stores, where Google and Microsoft can remove known‑bad extensions post‑disclosure.
- Consider browser isolation products. Running high‑risk extensions in a remote browser isolation (RBI) session further insulates end‑user data.
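As an added check for the patch-verification and extension-audit steps above (example code written for this article, not taken from Google's or Microsoft's advisories), the script below compares an installed build against the fixed versions named here and flags extension manifests whose host permissions or content-script matches cover every origin. The profile directory layout and the sample manifests are assumptions constructed for the example.

```python
"""Added example: patch-level check plus extension manifest triage."""
import json
from pathlib import Path

# Fixed builds as stated in the advisory text above.
FIXED = {"chrome": (148, 0, 7778, 96), "edge": (148, 0, 2778, 67)}

# Match patterns that let a content script reach any origin.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def parse_version(s):
    """'148.0.7778.96' -> (148, 0, 7778, 96); tuples compare component-wise."""
    return tuple(int(p) for p in s.strip().split("."))


def is_patched(browser, version):
    """True when the installed build is at or above the fixed build.
    A short version such as '148.0.7778' compares below the fix (conservative)."""
    return parse_version(version) >= FIXED[browser.lower()]


def broad_access(manifest):
    """List why an extension can run on every origin.
    MV2 lists hosts under 'permissions'; MV3 moves them to 'host_permissions'."""
    reasons = []
    for key in ("permissions", "host_permissions"):
        reasons += [f"{key}:{p}" for p in manifest.get(key, []) if p in BROAD]
    for cs in manifest.get("content_scripts", []):
        reasons += [f"content_scripts.matches:{m}"
                    for m in cs.get("matches", []) if m in BROAD]
    return reasons


def scan_profile(extensions_dir):
    """Assumed layout: <profile>/Extensions/<id>/<version>/manifest.json.
    Returns {extension_id: (name, reasons)} for every broad-access extension."""
    findings = {}
    for mf in Path(extensions_dir).glob("*/*/manifest.json"):
        manifest = json.loads(mf.read_text(encoding="utf-8"))
        reasons = broad_access(manifest)
        if reasons:
            findings[mf.parent.parent.name] = (manifest.get("name", "?"), reasons)
    return findings


# Constructed sample manifests (not real extensions).
COUPON_MV3 = {"manifest_version": 3, "name": "Coupon Finder",
              "host_permissions": ["<all_urls>"],
              "content_scripts": [{"matches": ["https://*/*"], "js": ["cs.js"]}]}
NOTES_MV3 = {"manifest_version": 3, "name": "Notes",
             "permissions": ["storage", "activeTab"]}

if __name__ == "__main__":
    print("chrome 148.0.7778.96 patched:", is_patched("chrome", "148.0.7778.96"))
    for m in (COUPON_MV3, NOTES_MV3):
        print(m["name"], "->", broad_access(m) or "no broad host access")
```

activeTab is deliberately not flagged: it grants access only to the tab the user clicked on, which is the narrower grant the audit step above is steering toward.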
Google also noted that future Chromium versions will introduce a renderer‑side feature that zeroes cached GPU buffers after rendering operations that cross origin boundaries. This defense‑in‑depth change, slated for Chrome 150, would make similar Skia use‑after‑free bugs far harder to exploit for data exfiltration.
Looking Ahead: The Hydra of Renderer Bugs
CVE‑2026‑7949 is the 14th Chromium Skia vulnerability disclosed in the past two years, and the third to involve extension‑mediated attack paths. Chromium’s architecture, while vastly more secure than legacy browsers, still struggles with the inherent complexity of GPU‑accelerated rendering and the privileged runtime model of extensions. The security community has long advocated for a “privilege‑separated” extension framework that would run content scripts in their own isolated JavaScript contexts, stripping them of access to raw memory layouts. Manifest V3 took a step in that direction by removing blocking webRequest, but it did not solve the underlying graphics pipeline risks.
For Windows users and administrators, the lesson is clear: browser patching cannot lag. The window between a Chromium upstream release and actual enterprise deployment is often where attackers focus. Microsoft’s integration with Windows Update for Edge helps, but many organizations still rely on manual testing cycles that delay the rollout. Automated tooling such as Microsoft Defender Vulnerability Management now tracks browser versions and extension installs, giving security teams better visibility into their exposure to vulnerabilities like CVE‑2026‑7949.
Finally, this bug serves as a reminder that medium‑severity CVEs can carry disproportionate real‑world risk when they align with a common attack vector. Extensions are everywhere, and a single memory management slip inside a foundation library can turn a routine browser update into a race against silent data theft. Users who update today eliminate the threat; those who delay leave a door open that might already be exploited in the wild.
Google has not confirmed active exploitation, but independent researchers observed probing attempts on popular banking domains within 72 hours of the patch release, suggesting that threat actors reverse‑engineer security fixes rapidly. Update your browser, audit your extensions, and stay vigilant—this Skia bug is not the last we will see.