Description
Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Published: 2026-03-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote memory corruption that could lead to code execution
Action: Immediate Patch
AI Analysis

Impact

The flaw is in Chrome’s WebAssembly engine prior to version 145.0.7632.159. An attacker who can supply a crafted HTML page can trigger an out‑of‑bounds memory access inside the browser, corrupting local memory. Such corruption can potentially be leveraged to execute arbitrary code, exfiltrate data, or crash the browser. The vulnerability is classified under CWE‑284, indicating a weakness involving improper authorization or access control.

Affected Systems

This issue affects Google Chrome installations on all major operating systems—Windows, macOS, and Linux—as reflected in the associated CPE strings. Any user running Chrome versions earlier than 145.0.7632.159 is potentially exposed. The vulnerability does not depend on the underlying operating system version beyond the presence of Chrome.

Risk and Exploitability

The CVSS score of 8.8 marks this as a high‑severity flaw, yet the EPSS score is below 1 %, indicating a low probability of current exploitation. It is not currently listed in CISA’s KEV catalog. The likely attack vector requires a victim to visit a malicious or compromised webpage that hosts the exploit. No privilege escalation is required; the attack impacts the user’s browser session directly.

Generated by OpenCVE AI on April 16, 2026 at 13:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 145.0.7632.159 or later and restart your browser to apply the patch.
  • Configure your system to receive and install automatic Chrome updates so future fixes are applied without manual intervention.
  • If immediate upgrading is not feasible, mitigate by disabling WebAssembly for untrusted sites via the Chrome flag "--disable-features=WebAssembly" or the enterprise policy "WebAssemblyEnabled" set to false, limiting the attacker’s ability to trigger the vulnerability.



Advisories
Source: Debian DSA
ID: DSA-6157-1
Title: chromium security update
History

Sat, 07 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: Inappropriate implementation in WebAssembly
References
Metrics threat_severity

None

threat_severity

Important


Thu, 05 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Thu, 05 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 05 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 04 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-03-05T16:14:16.008Z

Reserved: 2026-03-04T18:18:29.065Z

Link: CVE-2026-3542

Vulnrichment

Updated: 2026-03-05T16:14:10.127Z

NVD

Status: Analyzed

Published: 2026-03-04T20:16:21.340

Modified: 2026-03-05T21:55:00.920

Link: CVE-2026-3542

Redhat

Severity: Important

Public Date: 2026-03-03T00:00:00Z

Links: CVE-2026-3542 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T13:15:06Z

Weaknesses