Name: CVE-2026-9893

Description: Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

References: DSA-6316-1

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| chromium (PTS) | bullseye (security), bullseye | 120.0.6099.224-1~deb11u1 | vulnerable |
| chromium | bookworm | 147.0.7727.137-1~deb12u1 | vulnerable |
| chromium | bookworm (security) | 149.0.7827.102-1~deb12u1 | fixed |
| chromium | trixie | 147.0.7727.137-1~deb13u1 | vulnerable |
| chromium | trixie (security) | 149.0.7827.102-1~deb13u1 | fixed |
| chromium | forky | 148.0.7778.178-1 | vulnerable |
| chromium | sid | 149.0.7827.102-1 | fixed |
| libskia (PTS) | forky, sid | 146.20260414~git.ef5f213+dfsg-5 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| chromium | source | bullseye | (unfixed) | end-of-life | | |
| chromium | source | bookworm | 148.0.7778.215-1~deb12u1 | | DSA-6316-1 | |
| chromium | source | trixie | 148.0.7778.215-1~deb13u1 | | DSA-6316-1 | |
| chromium | source | (unstable) | 148.0.7778.215-1 | | | |
| libskia | source | (unstable) | 146.20260414~git.ef5f213+dfsg-5 | | | |

Notes

[bullseye] - chromium <end-of-life> (see #1061268)