Description
Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Published: 2026-05-14
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow in the ANGLE component of Google Chrome on Windows allows a remote attacker to cause an out‑of‑bounds memory write by delivering a crafted HTML page.

Affected Systems

All installations of Google Chrome on Windows running a build before 148.0.7778.168 are vulnerable. This includes any Windows machine that has not applied the stable channel update released in May 2026.

Risk and Exploitability

The CVSS score is 8.8 and Chrome classifies the flaw as Critical. An attacker can host a malicious web page that triggers the overflow when a user visits it. The vulnerability is not listed in CISA’s KEV catalog, and no EPSS data is available. The attack requires remote interaction only, so any user who opens a malicious page could be affected if the browser is not updated.

Generated by OpenCVE AI on May 15, 2026 at 13:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Chrome version 148.0.7778.168 or newer on all affected Windows systems.
  • Configure enterprise update policy to enforce automatic updates of Chrome so no Windows machine stays on a vulnerable build.
  • Use web filtering or browser extensions that detect anomalous HTML generation to block malicious content.

Generated by OpenCVE AI on May 15, 2026 at 13:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6273-1 chromium security update
History

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: chromium-browser: Integer overflow in ANGLE
Weaknesses CWE-190
References
Metrics threat_severity

None

 threat_severity

Critical

Fri, 15 May 2026 00:15:00 +0000

Type Values Removed Values Added
Title ANGLE Integer Overflow Enables Out-of-Bounds Write in Chrome

Thu, 14 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title ANGLE Integer Overflow Enables Out-of-Bounds Write in Chrome

Thu, 14 May 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 14 May 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 14 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Weaknesses CWE-472
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-15T03:57:25.329Z

Reserved: 2026-05-14T05:40:12.596Z

Link: CVE-2026-8519

cve-icon Vulnrichment

Updated: 2026-05-14T21:34:27.695Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-14T20:17:12.663

Modified: 2026-05-14T22:16:46.123

Link: CVE-2026-8519

cve-icon Redhat

Severity : Critical

Publid Date: 2026-05-14T19:52:14Z

Links: CVE-2026-8519 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T13:30:45Z

Weaknesses