Description
Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write in ANGLE within Google Chrome can result in heap corruption, which may allow a remote attacker to execute arbitrary code. The weakness corresponds to CWE‑787 and is classified with a high severity level by Chromium’s security team.

Affected Systems

Google Chrome builds older than 148.0.7778.216 are affected; this includes the stable channel releases prior to that version. Only Google Chrome browsers are impacted.

Risk and Exploitability

The EPSS score is low (<1%) and it is not listed in the CISA KEV catalog. Nevertheless, because user interaction with a crafted HTML page is required, the exploit is considered moderate to high in risk. The attack likely proceeds by loading malicious web content that triggers the out‑of‑bounds write, potentially leading to privilege escalation or system compromise. No public exploit is known at the time of this report.

Generated by OpenCVE AI on May 29, 2026 at 14:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 148.0.7778.216 or later
  • Enable automatic updates so future mitigations are applied promptly
  • Apply a content-security policy that restricts loading of untrusted HTML or script resources to reduce exposure until a patch is in place

Generated by OpenCVE AI on May 29, 2026 at 14:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in ANGLE Enables Remote Code Execution via Crafted HTML Page chromium-browser: Out of bounds write in ANGLE
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Important

Fri, 29 May 2026 01:00:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in ANGLE Enables Remote Code Execution via Crafted HTML Page
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-787
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T17:58:10.355Z

Reserved: 2026-05-28T17:25:03.034Z

Link: CVE-2026-9965

cve-icon Vulnrichment

Updated: 2026-05-29T17:58:04.777Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-28T23:16:54.720

Modified: 2026-05-29T19:16:30.790

Link: CVE-2026-9965

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9965 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T14:45:06Z

Weaknesses