Description
Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)
Published: 2026-05-14
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write in the Codecs component of Google Chrome on macOS versions prior to 148.0.7778.168 can be triggered by a specially crafted video file. The flaw allows a remote attacker to escape the browser sandbox, potentially enabling the execution of arbitrary code on the host system. The weakness is classified as CWE‑787.

Affected Systems

The vulnerability affects Google Chrome running on macOS devices. Versions before 148.0.7778.168 are vulnerable; later releases contain the fix.

Risk and Exploitability

No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score is 8.3, indicating high severity. The medium Chromium severity rating suggests that while the flaw is serious, attackers would need to supply a crafted video to the target. The risk is contingent on user interaction with malicious media, but a sandbox escape permits full compromise of the host. The lack of public exploit data implies the threat may still be low to moderate but the potential impact warrants prompt remediation.

Generated by OpenCVE AI on May 14, 2026 at 23:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Chrome update 148.0.7778.168 or later
  • Enable Chrome auto‑update to receive security patches automatically
  • Avoid opening unknown or suspicious video files until the browser is updated

Generated by OpenCVE AI on May 14, 2026 at 23:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6273-1 chromium security update
History

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Write in Google Chrome Codecs Allows Sandbox Escape via Crafted Video File on macOS chromium-browser: chromium-browser: Out of bounds write in Codecs
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 15 May 2026 00:00:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Write in Google Chrome Codecs Allows Sandbox Escape via Crafted Video File on macOS

Thu, 14 May 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 14 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)
Weaknesses CWE-787
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-15T03:57:22.267Z

Reserved: 2026-05-14T05:40:24.317Z

Link: CVE-2026-8569

cve-icon Vulnrichment

Updated: 2026-05-14T21:18:40.457Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-14T20:17:19.127

Modified: 2026-05-14T22:16:50.293

Link: CVE-2026-8569

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-14T19:52:32Z

Links: CVE-2026-8569 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T23:45:31Z

Weaknesses