Description
Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-02-11
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Heap buffer overflow in several video and audio codecs within Google Chrome allows a crafted HTML page to overwrite heap memory, potentially enabling arbitrary code execution on the host. The overflow is triggered by processing malformed codec data and, if exploited, could give an attacker full control over the user’s system, compromising confidentiality, integrity, and availability.

Affected Systems

Google Chrome users on any supported platform before build 145.0.7632.45 are affected. This includes Windows, macOS, and Linux distributions for which Chrome is installed.

Risk and Exploitability

The flaw carries a CVSS base score of 8.8, an EPSS of less than 1 percent, and is not listed in the KEV catalog, indicating a low current exploitation probability. Nonetheless, the remote nature of the trigger—via a crafted HTML page—makes the attack vector potentially broad on untrusted sites. Exploitation would require a user to open a maliciously crafted page or download a malicious file that exploits the codec handling code.

Generated by OpenCVE AI on April 17, 2026 at 20:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 145.0.7632.45 or later.
  • Enable automatic updates and verify that the latest stable build is running.
  • Avoid browsing untrusted websites or opening unknown attachments until the browser is patched.

Generated by OpenCVE AI on April 17, 2026 at 20:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6135-1 chromium security update
History

Fri, 13 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Weaknesses CWE-787
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Thu, 12 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: Heap buffer overflow in Codecs
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 11 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 11 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
Description Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-122
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-02-26T14:44:24.440Z

Reserved: 2026-02-10T21:51:42.579Z

Link: CVE-2026-2314

cve-icon Vulnrichment

Updated: 2026-02-11T18:54:08.894Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-11T19:15:51.427

Modified: 2026-02-13T17:27:49.190

Link: CVE-2026-2314

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-10T00:00:00Z

Links: CVE-2026-2314 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T20:30:15Z

Weaknesses