Description
Out of bounds memory access in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE describes an out‑of‑bounds memory access (CWE‑125, CWE‑787) in the ANGLE graphics layer of Google Chrome before version 148.0.7778.216. A maliciously crafted HTML page can trigger this flaw, allowing an attacker to execute code inside the browser sandbox. This provides a remote code execution vector for users who open the offending content.

Affected Systems

Any user of Google Chrome with a version earlier than 148.0.7778.216 who views a page containing the crafted content is affected. All builds of Chrome prior to the specified release are susceptible.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while the EPSS score of less than 1% shows a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the user to load a maliciously crafted HTML page; no local privilege escalation is needed beyond normal browsing.

Generated by OpenCVE AI on May 29, 2026 at 18:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Google Chrome version 148.0.7778.216 or newer.
  • Enable automatic updates for Chrome to receive future patches automatically.
  • Deploy a web filtering solution to block known malicious URLs and reduce exposure to crafted pages.

Generated by OpenCVE AI on May 29, 2026 at 18:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Fri, 29 May 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Memory Access in ANGLE Enables Remote Code Execution chromium-browser: Out of bounds memory access in ANGLE
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Important

Fri, 29 May 2026 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 29 May 2026 00:00:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Memory Access in ANGLE Enables Remote Code Execution
Weaknesses CWE-787

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Out of bounds memory access in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T12:46:39.319Z

Reserved: 2026-05-28T17:24:49.321Z

Link: CVE-2026-9910

cve-icon Vulnrichment

Updated: 2026-05-29T12:46:34.980Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T23:16:49.080

Modified: 2026-05-29T17:56:16.063

Link: CVE-2026-9910

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9910 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T19:00:06Z

Weaknesses