Description
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Published: 2026-02-11
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Memory Corruption
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an inappropriate implementation in WebGPU that allows a crafted HTML page to cause out‑of‑bounds memory access, potentially corrupting memory. This can lead to remote exploitation or data disclosure and is categorized as a memory corruption flaw (CWE‑122).

Affected Systems

Google Chrome browsers prior to version 145.0.7632.45 on any operating system are affected, including Windows, macOS, and Linux. The issue is present in the WebGPU implementation shipped with these releases.

Risk and Exploitability

The flaw carries a CVSS score of 8.8 (High) but has a very low exploitation probability (EPSS < 1%). It is not listed in CISA’s KEV catalog. Attackers would need to lure a user to a malicious web page that uses the WebGPU API to trigger the out‑of‑bounds read, making the primary vector web‑based. No special network setup is required, and exploitation is feasible from a remote context.

Generated by OpenCVE AI on April 17, 2026 at 20:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 145.0.7632.45 or later.
  • If immediate update is not possible, disable the WebGPU feature by setting it to disabled in chrome://flags or launching Chrome with the --disable-webgpu flag.
  • Keep the browser up to date and enable safe browsing features to detect malicious sites.

Generated by OpenCVE AI on April 17, 2026 at 20:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6135-1 chromium security update
History

Fri, 17 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Fri, 13 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Thu, 12 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: Inappropriate implementation in WebGPU
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 11 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 11 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-02-26T14:44:24.111Z

Reserved: 2026-02-10T21:51:43.156Z

Link: CVE-2026-2315

cve-icon Vulnrichment

Updated: 2026-02-11T18:57:45.895Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-11T19:15:51.617

Modified: 2026-02-13T17:27:56.897

Link: CVE-2026-2315

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-10T00:00:00Z

Links: CVE-2026-2315 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T20:30:15Z

Weaknesses