Description
Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Published: 2026-03-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

This vulnerability arises from an improper handling of CSS directives in Chrome prior to version 145.0.7632.159. A remote attacker can craft a malicious HTML page that, when opened in the browser, causes an out‑of‑bounds memory read. The consequence is exposure of sensitive data that resides in memory, potentially enabling an attacker to infer or exfiltrate confidential information. The weakness is classified as CWE‑284, indicating an authorization or access‑control flaw that permits unauthorized memory access.

Affected Systems

Google Chrome versions older than 145.0.7632.159 on Windows, macOS, and Linux. The flaw is present in all desktop distributions regardless of operating system, as identified by the vendor’s product listings.

Risk and Exploitability

The CVSS score of 8.8 reflects high severity, but the EPSS score of less than 1% indicates that the probability of exploitation is currently low. The issue is not listed in the CISA KEV catalog. The attack vector is inferred to be remote and requires the victim to open a specifically crafted HTML document in Chrome. No authentication or privileged access is needed, making the threat relevant to any user who may inadvertently view malicious web content.

Generated by OpenCVE AI on April 16, 2026 at 13:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 145.0.7632.159 or newer on all affected machines.
  • Configure Chrome to enable automatic updates so future patches are applied without manual intervention.
  • Avoid opening unknown or untrusted HTML files in Chrome; consider using a different browser for suspicious content or applying a strict content‑security policy in internal web applications to block exploit payloads.

Generated by OpenCVE AI on April 16, 2026 at 13:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6157-1 chromium security update
History

Sat, 07 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: Inappropriate implementation in CSS
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 05 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Thu, 05 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 04 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-03-05T16:09:38.228Z

Reserved: 2026-03-04T18:18:28.806Z

Link: CVE-2026-3541

cve-icon Vulnrichment

Updated: 2026-03-05T16:09:27.327Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-04T20:16:21.230

Modified: 2026-03-05T21:55:52.380

Link: CVE-2026-3541

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-03T00:00:00Z

Links: CVE-2026-3541 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T13:15:06Z

Weaknesses