Description
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds write in the GPU code path of Google Chrome prior to version 148.0.7778.216. It can be triggered by a remote attacker who has already compromised the renderer process through a crafted HTML page, allowing the attacker to escape the renderer sandbox and potentially execute arbitrary code on the host.

Affected Systems

Affected users are those running any Google Chrome desktop version before 148.0.7778.216. The flaw applies to all builds that include the vulnerable GPU driver integration in the Chrome rendering pipeline. It is likely that the affected platforms include Windows, macOS, and Linux, inferred from Chrome's typical desktop distribution.

Risk and Exploitability

Chromium lists the flaw as high severity, and the CVSS score is 9.0. The EPSS score is below 1%, indicating a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires compromising the renderer process and delivering a malicious HTML page. While no public exploit is known, the nature of the sandbox escape poses a high risk to confidentiality, integrity, and availability of affected systems.

Generated by OpenCVE AI on May 29, 2026 at 14:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 148.0.7778.216 or later to receive the fixed GPU driver behaviour.
  • If an upgrade is not immediately possible, disable GPU hardware acceleration via chrome://flags or the --disable-gpu command‑line flag to eliminate the vulnerable code path.
  • Continuously monitor Chrome security advisories and apply the latest updates as soon as they are available.

Generated by OpenCVE AI on May 29, 2026 at 14:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds GPU Write Enables Remote Sandbox Escape in Google Chrome chromium-browser: Out of bounds write in GPU
References
Metrics threat_severity

None

 cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Important

Fri, 29 May 2026 01:15:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds GPU Write Enables Remote Sandbox Escape in Google Chrome
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-787
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T15:27:50.528Z

Reserved: 2026-05-28T17:24:48.499Z

Link: CVE-2026-9906

cve-icon Vulnrichment

Updated: 2026-05-29T15:27:46.517Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-28T23:16:48.663

Modified: 2026-05-29T16:16:37.147

Link: CVE-2026-9906

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9906 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T14:45:06Z

Weaknesses