Description
Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow occurs when Chrome parses XML files on Windows before version 148.0.7778.216. The vulnerability is limited to scenarios where a remote attacker has already compromised the renderer process. Exploitation can allow the attacker to escape the renderer sandbox, potentially escalating privileges and compromising the host system. The flaw is classified as CWE‑190 and CWE‑472 and is listed as having high severity by Chromium security.

Affected Systems

Google Chrome running on Windows platforms is affected. The vulnerability applies to all releases of Chrome before 148.0.7778.216, regardless of minor patch level. Users of older or out‑of‑support Windows versions using these Chrome releases are also at risk.

Risk and Exploitability

The CVSS score is 8.3, but the EPSS score is < 1%, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is likely a crafted HTML page delivered to a compromised renderer process, which suggests that the attacker already has some presence. Even without large‑scale exploitation campaigns, the potential for privilege escalation makes the risk significant, especially in environments where Chrome operates with elevated privileges.

Generated by OpenCVE AI on May 29, 2026 at 16:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 148.0.7778.216 or later, which includes the fix for the integer overflow bug
  • If an immediate update is not feasible, deploy a Chrome policy to block untrusted XML content or disable active scripting in potentially malicious HTML files
  • Monitor Chrome release notes and security advisories for additional mitigation steps

Generated by OpenCVE AI on May 29, 2026 at 16:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Fri, 29 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title XML Integer Overflow Enables Sandbox Escape chromium-browser: Integer overflow in XML
Weaknesses CWE-190
References
Metrics threat_severity

None

 cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Important

Fri, 29 May 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 29 May 2026 01:45:00 +0000

Type Values Removed Values Added
Title XML Integer Overflow Enables Sandbox Escape

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-472
References

Subscriptions

Google Chrome
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-30T03:56:49.419Z

Reserved: 2026-05-28T17:25:03.564Z

Link: CVE-2026-9966

cve-icon Vulnrichment

Updated: 2026-05-29T15:09:17.118Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T23:16:54.817

Modified: 2026-05-29T20:28:06.317

Link: CVE-2026-9966

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9966 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T16:45:03Z

Weaknesses