Add custom CVE matching rule for CVE-2026-5870 (Chrome Skia integer overflow)#43463
Open
kilo-code-bot[bot] wants to merge 1 commit intomainfrom
Open
Add custom CVE matching rule for CVE-2026-5870 (Chrome Skia integer overflow)#43463kilo-code-bot[bot] wants to merge 1 commit intomainfrom
kilo-code-bot[bot] wants to merge 1 commit intomainfrom
Conversation
…verflow) Add a custom vulnerability matching rule to detect CVE-2026-5870 on hosts running Google Chrome versions prior to 147.0.7727.55. This addresses a high-severity integer overflow in Skia that allows remote code execution inside a sandbox via a crafted HTML page. The rule matches both macOS (Google Chrome.app) and Windows (Google Chrome) installations while excluding Chrome Helper processes.
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #43463 +/- ##
=======================================
Coverage 66.91% 66.91%
=======================================
Files 2596 2596
Lines 208103 208108 +5
Branches 9321 9321
=======================================
+ Hits 139248 139261 +13
- Misses 56199 56207 +8
+ Partials 12656 12640 -16
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
server/vulnerabilities/customcve/matching_rules.goto detect CVE-2026-5870 on hosts running Google Chrome versions prior to 147.0.7727.55Google Chrome.appfromappssource) and Windows (Google Chromefromprogramssource) while excludingGoogle Chrome HelperprocessesContext
CVE-2026-5870 is a high-severity (CVSS 8.8) integer overflow in Skia in Google Chrome prior to 147.0.7727.55 that allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Published April 8, 2026.
This CVE was disclosed as part of the Chrome 147 stable channel update. Since this is a very recently published CVE, NVD CPE data may not yet be fully enriched, making the custom matching rule necessary to avoid false negatives in Fleet's vulnerability detection.
Changes
server/vulnerabilities/customcve/matching_rules.goserver/vulnerabilities/customcve/matching_rules_test.goBuilt for Dhruv Majumdar by Kilo for Slack