Description
Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-14
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A type confusion bug in the ANGLE component of Google Chrome on Windows allows a remote attacker who has already compromised the renderer process to perform an out-of-bounds memory write. The vulnerability is a high severity issue by Chromium because it directly affects binary memory safety.

Affected Systems

Google Chrome for Windows versions earlier than 148.0.7778.168 are vulnerable. The bug resides in the ANGLE rendering engine used by Chrome’s renderer process.

Risk and Exploitability

The CVSS score is 3.1, EPSS < 1%, and the vulnerability is not listed in the CISA KEV catalog. The bug requires a remote attacker who has already compromised the renderer process, typically via a crafted HTML page, to perform an out-of-bounds memory write. The impact of that write is not specified beyond the memory corruption.

Generated by OpenCVE AI on May 15, 2026 at 15:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 148.0.7778.168 or later.
  • Ensure the Chrome sandbox and process isolation features are enabled to isolate renderer processes.
  • Configure site isolation and strict site isolation in Chrome to restrict memory sharing among renderer processes.

Generated by OpenCVE AI on May 15, 2026 at 15:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6273-1 chromium security update
History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Type Confusion Leads to Out‑of‑Bounds Memory Write in Chrome on Windows chromium-browser: chromium-browser: Type Confusion in ANGLE
References
Metrics threat_severity

None

 cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Important

Thu, 14 May 2026 23:30:00 +0000

Type Values Removed Values Added
Title Type Confusion Leads to Out‑of‑Bounds Memory Write in Chrome on Windows

Thu, 14 May 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 14 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-843
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-15T13:57:48.950Z

Reserved: 2026-05-14T05:40:20.872Z

Link: CVE-2026-8554

cve-icon Vulnrichment

Updated: 2026-05-15T13:57:44.496Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-14T20:17:16.817

Modified: 2026-05-15T15:16:55.130

Link: CVE-2026-8554

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-14T19:52:27Z

Links: CVE-2026-8554 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T16:00:03Z

Weaknesses