Description
Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Published: 2026-03-20
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross-origin data leakage via a crafted web page
Action: Immediate Patch
AI Analysis

Impact

An integer overflow in the Dawn graphics renderer of Google Chrome for macOS allows a remote attacker who can control a web page to access data belonging to another origin. The flaw arises when processing a specially crafted HTML document, enabling the attacker to read memory contents that should remain protected. This could expose sensitive information such as login tokens, personal data, or other confidential material that the browser holds for legitimate sites.

Affected Systems

The vulnerability affects Google Chrome running on macOS prior to version 146.0.7680.153. Any user accessing the described crafted web page on those Chrome releases is susceptible, regardless of other operating system versions or hardware.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. However, the attack can be performed simply by visiting a malicious web page, making it a remote, client‑side vulnerability that does not require privileged access. The flaw is not yet listed in the CISA KEV catalog, but because the exploitation path is straightforward, users running affected versions should be advised to update promptly.

Generated by OpenCVE AI on March 20, 2026 at 20:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 146.0.7680.153 or later.

Generated by OpenCVE AI on March 20, 2026 at 20:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6171-1 chromium security update
History

Fri, 20 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Fri, 20 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}

Fri, 20 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Title Chrome Integer Overflow Leads to Cross‑Origin Data Leakage on macOS chromium-browser: Integer overflow in Dawn
Weaknesses CWE-190
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N'}

threat_severity

Important

Fri, 20 Mar 2026 11:15:00 +0000

Type Values Removed Values Added
Title Chrome Integer Overflow Leads to Cross‑Origin Data Leakage on macOS

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 20 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
Description Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-472
References

Subscriptions

Apple Macos
Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-03-20T14:54:20.752Z

Reserved: 2026-03-19T20:23:51.629Z

Link: CVE-2026-4453

cve-icon Vulnrichment

Updated: 2026-03-20T14:54:17.661Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-20T02:16:38.357

Modified: 2026-03-20T19:04:24.210

Link: CVE-2026-4453

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-18T00:00:00Z

Links: CVE-2026-4453 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:09:52Z

Weaknesses