Description
Out of bounds write in Dawn in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds memory write in the Dawn rendering engine of Google Chrome on macOS. A crafted HTML page can trigger the overflow, which the Chromium team rates as high severity. Based on the description, it is inferred that the memory overwrite could allow an attacker to corrupt local data structures and potentially achieve arbitrary code execution on the affected machine.

Affected Systems

Affected are users of Google Chrome running on macOS, specifically versions prior to 148.0.7778.216. No other platforms or products are impacted according to the current CNA data.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity risk. The EPSS score is less than 1%, indicating a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Remote exploitation requires the user to load the malicious HTML from an attacker‑controlled source, such as a compromised website. Based on the description, it is inferred that once the overflow is triggered the attacker could achieve memory corruption that may lead to code execution or other severe consequences. No public exploit is known, but the high severity warrants prompt remediation.

Generated by OpenCVE AI on May 29, 2026 at 15:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to the latest stable version on macOS (≥148.0.7778.216) to remove the vulnerable Dawn engine.
  • Until the update is available, avoid opening untrusted HTML pages from known malicious sites.
  • Monitor Chrome release notes and security advisories for further updates and apply any subsequent patches.



Advisories

No advisories yet.

History

Fri, 29 May 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}; cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Fri, 29 May 2026 12:15:00 +0000

Type | Values Removed | Values Added
Title | Chrome macOS Out‑of‑Bounds Write via Crafted HTML Page | chromium-browser: Out of bounds write in Dawn
References | |
Metrics | threat_severity: None | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}; threat_severity: Important


Fri, 29 May 2026 01:15:00 +0000

Type | Values Removed | Values Added
Title | | Chrome macOS Out‑of‑Bounds Write via Crafted HTML Page
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type | Values Removed | Values Added
Description | | Out of bounds write in Dawn in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Weaknesses | | CWE-787
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T18:08:10.994Z

Reserved: 2026-05-28T17:24:53.638Z

Link: CVE-2026-9930

Vulnrichment

Updated: 2026-05-29T18:08:07.777Z

NVD

Status: Undergoing Analysis

Published: 2026-05-28T23:16:51.090

Modified: 2026-05-29T19:16:29.927

Link: CVE-2026-9930

Redhat

Severity: Important

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9930 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T15:45:16Z

Weaknesses