Description
Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-05-14
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A single integer overflow in the ANGLE component of Google Chrome on Windows allows a remote attacker, through a specially crafted HTML page, to perform an out‑of‑bounds memory write. The flaw is an integer wraparound (CWE‑190) combined with a signedness conversion error (CWE‑472), which can compromise data integrity and potentially enable arbitrary code execution if the attacker can influence execution flow. The Chromium severity is rated medium, but the potential impact is non‑trivial.

Affected Systems

Google Chrome – Windows users running any release prior to 148.0.7778.168 are vulnerable. The issue was fixed in the 148.0.7778.168 update and later versions, so any installation that has not been updated is at risk.

Risk and Exploitability

The vulnerability can be exploited remotely by serving a malicious HTML page to the target. The CVSS score of 4.3 indicates medium severity. Based on the description, it is inferred that an attacker might achieve arbitrary code execution through the out‑of‑bounds write. The lack of an EPSS score indicates an uncertain probability of exploitation, and the issue is not listed in CISA’s KEV catalog. The likely attack vector involves a user viewing an untrusted web page that triggers the out‑of‑bounds memory write when ANGLE processes the content.

Generated by OpenCVE AI on May 15, 2026 at 14:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Chrome update for Windows (148.0.7778.168 or newer) to eliminate the integer overflow in ANGLE.
  • Ensure automatic updates are enabled so future security releases are received without delay.
  • Use web‑filtering controls to block delivery of untrusted or malicious web pages that could exploit ANGLE from reaching users.

Generated by OpenCVE AI on May 15, 2026 at 14:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6273-1 chromium security update
History

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in ANGLE Enabling Out‑of‑Bounds Memory Write on Windows Chrome chromium-browser: chromium-browser: Integer overflow in ANGLE
Weaknesses CWE-190
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 14 May 2026 23:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in ANGLE Enabling Out‑of‑Bounds Memory Write on Windows Chrome

Thu, 14 May 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 14 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-472
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-14T21:24:07.166Z

Reserved: 2026-05-14T05:40:23.854Z

Link: CVE-2026-8567

cve-icon Vulnrichment

Updated: 2026-05-14T21:24:00.723Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-14T20:17:18.900

Modified: 2026-05-14T22:16:50.147

Link: CVE-2026-8567

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-14T19:52:31Z

Links: CVE-2026-8567 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T14:15:51Z

Weaknesses