CVE-2026-8559 - Vulnerability Details

- chromium-browser: chromium-browser: Integer overflow in Internationalization

Description

Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Published: 2026-05-14

Score: 4.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An integer overflow in the internationalization subsystem of Google Chrome on Windows, present in versions earlier than 148.0.7778.168, allows an attacker to trigger an out‑of‑bounds write by serving a specially crafted HTML document. This vulnerability is a classic example of CWE‑190: Integer Overflow or Wraparound and CWE‑472: Struct Mismanagement, where improperly sized data structures lead to memory corruption. If successfully exploited, the out‑of‑bounds write could result in arbitrary code execution or a denial‑of‑service condition in the browser process.

Affected Systems

Google Chrome running on Windows, any version earlier than 148.0.7778.168. Those releases are affected by the integer overflow in the internationalization component.

Risk and Exploitability

The CVSS score is 4.3, indicating low severity. The attack vector is remote; it requires a malicious HTML page delivered to a victim’s Chrome browser on Windows. Because the flaw leads to memory corruption, a successful exploit could result in a browser crash or potentially allow arbitrary code execution. No KEV listing or EPSS score is available, but the lack of these metrics does not diminish the risk. Until the browser is updated, users remain potentially vulnerable to exploitation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Google

Chrome

affected

Version	Status	Constraints
`148.0.7778.168`	affected	< 148.0.7778.168

No data.

Vendor Product Confidence Versions

Google

Chrome

100%

Version	Status	Scheme	Platform
`[148.0.7778.168,148.0.7778.168)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Google Chrome to 148.0.7778.168 or later using the browser’s built‑in update mechanism or by installing the latest package from the official site.
Enable automatic updates so that future patches are applied without manual intervention.
If immediate update is not possible, consider limiting exposure by blocking or restricting access to sites capable of serving malicious HTML; this is a temporary workaround that mitigates the risk until the official patch can be applied.

Generated by OpenCVE AI on May 15, 2026 at 13:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6273-1	chromium security update

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00026.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html
https://issues.chromium.org/issues/504629701
https://nvd.nist.gov/vuln/detail/CVE-2026-8559
https://www.cve.org/CVERecord?id=CVE-2026-8559

History

Fri, 15 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Title		chromium-browser: chromium-browser: Integer overflow in Internationalization
Weaknesses		CWE-190
References		https://nvd.nist.gov/vuln/detail/CVE-2026-8559 https://www.cve.org/CVERecord?id=CVE-2026-8559
Metrics	threat_severity `None`	threat_severity `Important`

Thu, 14 May 2026 23:45:00 +0000

Type	Values Removed	Values Added
Title	Integer Overflow in Chrome Internationalization Enables Out‑of‑Bounds Write via Crafted HTML

Thu, 14 May 2026 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google chrome
Vendors & Products		Google Google chrome

Thu, 14 May 2026 22:30:00 +0000

Type	Values Removed	Values Added
Title		Integer Overflow in Chrome Internationalization Enables Out‑of‑Bounds Write via Crafted HTML

Thu, 14 May 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 14 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
Description		Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Weaknesses		CWE-472
References		https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html https://issues.chromium.org/issues/504629701

Subscriptions

Google Chrome

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2026-05-14T19:52:29.071Z

Updated: 2026-05-14T21:26:58.176Z

Reserved: 2026-05-14T05:40:22.074Z

Link: CVE-2026-8559

Vulnrichment

Updated: 2026-05-14T21:26:53.755Z

NVD

Status : Awaiting Analysis

Published: 2026-05-14T20:17:17.977

Modified: 2026-05-14T22:16:49.410

Link: CVE-2026-8559

Redhat

Severity : Important

Publid Date: 2026-05-14T19:52:29Z

Links: CVE-2026-8559 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-15T13:45:16Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object