Description
Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: High)
Published: 2026-07-08
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerable implementation in Chrome’s multimedia codecs allows a remote attacker to supply a crafted video file that triggers an out‑of‑bounds read and write. The resulting heap corruption could be leveraged for code execution or other adverse effects, and the vulnerability has been rated as a high‑severity issue by Chromium’s security team.

Affected Systems

Google Chrome products on all platforms, for all desktop versions earlier than 150.0.7871.115, are affected. Any installation that downloads or renders a malicious video file may be compromised.

Risk and Exploitability

The EPSS score is not available and the CVE is not listed in CISA’s KEV catalog, but the vulnerability’s high severity rating indicates a serious risk. Exploitation requires the attacker to convince a user to play a malicious video, either through a website or a local file. No public exploit has been reported yet, but the vulnerability’s mechanics make it a reasonable target for advanced adversaries.

Generated by OpenCVE AI on July 9, 2026 at 08:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 150.0.7871.115 or later
  • If an immediate update is not possible, disable hardware video decoding or block the use of media files in the Chromium settings as a temporary mitigation
  • Keep monitoring Google’s release announcements for additional patches or workarounds

Generated by OpenCVE AI on July 9, 2026 at 08:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 09:15:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read/Write in Chrome Codecs Leading to Heap Corruption
Weaknesses CWE-787
CWE-788

Thu, 09 Jul 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 08 Jul 2026 23:00:00 +0000

Type Values Removed Values Added
Description Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: High)
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-08T22:36:00.919Z

Reserved: 2026-07-08T17:07:40.449Z

Link: CVE-2026-15114

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T09:00:14Z

Weaknesses
  • CWE-787

    Out-of-bounds Write

  • CWE-788

    Access of Memory Location After End of Buffer