Description
Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an integer overflow in Google Chrome’s ANGLE graphics library. The flaw permits a remote attacker who hosts a specially crafted HTML page to trigger an out‑of‑bounds memory read in the renderer process. If the read succeeds, an attacker could recover arbitrary memory contents, potentially exposing privileged information such as user credentials, cryptographic keys, or other sensitive data present in the browsing context.

Affected Systems

All desktop installations of Google Chrome running a version earlier than 148.0.7778.216 are affected. The issue is independent of the operating system; any user of a pre‑patch Chrome release is at risk until the patched version is installed.

Risk and Exploitability

The CVSS score of 6.5 marks the flaw in the medium‑high range, while the EPSS score is below 1%, indicating a very low likelihood of widespread exploitation. The vulnerability is not listed in CISA KEV. An attacker would need only to deliver the crafted page to a victim’s browser; no public exploit is known yet, but the simplicity of the out‑of‑bounds read makes potential impact significant for users who visit untrusted sites.

Generated by OpenCVE AI on May 29, 2026 at 14:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 148.0.7778.216 or later.
  • If an update cannot be applied immediately, avoid browsing untrusted web sites or use an alternative browser that is not affected by this issue.
  • Until a fixed version is installed, employ a firewall or content filter to block or quarantine URLs or domains capable of delivering malicious HTML content.

Advisories

No advisories yet.

History

Fri, 29 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics
  • Values Removed: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
  • Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
  • Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}


Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Memory Read via Integer Overflow in ANGLE of Google Chrome chromium-browser: Integer overflow in ANGLE
Weaknesses CWE-190
References
Metrics
  • Values Removed: threat_severity None
  • Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
  • Values Added: threat_severity Important


Fri, 29 May 2026 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 29 May 2026 00:00:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Memory Read via Integer Overflow in ANGLE of Google Chrome

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-472
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T17:49:12.305Z

Reserved: 2026-05-28T17:24:49.531Z

Link: CVE-2026-9911

Vulnrichment

Updated: 2026-05-29T17:49:08.207Z

NVD

Status: Undergoing Analysis

Published: 2026-05-28T23:16:49.197

Modified: 2026-05-29T19:16:29.603

Link: CVE-2026-9911

Redhat

Severity: Important

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9911 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T14:45:06Z

Weaknesses