Description
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 9.6 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds write in Chrome’s GPU code path (CWE‑787). A crafted HTML page can trigger the write, potentially breaking out of the browser process sandbox and allowing an attacker to gain higher privileges and execute arbitrary code within the browser session.

Affected Systems

Affected product is Google Chrome. Versions older than 148.0.7778.216 are vulnerable. No operating system is specified, so the issue likely applies to all Chrome installations that use the GPU code path.

Risk and Exploitability

Chromium rates the issue as high severity with a CVSS score of 9.3. The EPSS score is < 1% and the vulnerability is not listed in CISA KEV. An attacker can exploit it remotely by loading a malicious webpage that triggers the out‑of‑bounds write. Although no publicly documented exploit is available, the nature of the flaw permits memory corruption that could lead to sandbox escape. Theoretical risk exists but the high severity and remote nature warrant prompt patching.

Generated by OpenCVE AI on May 29, 2026 at 14:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 148.0.7778.216 or newer, which contains the patch that eliminates the out‑of‑bounds write.
  • As an interim workaround, disable hardware acceleration in Chrome settings to prevent the GPU code path from executing.
  • Ensure that Chrome’s Site Isolation feature is enabled to restrict access between processes until a full update can be performed.

Generated by OpenCVE AI on May 29, 2026 at 14:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds GPU Write Allowing Sandbox Escape in Google Chrome chromium-browser: Out of bounds write in GPU
References
Metrics threat_severity

None

 cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N'}

threat_severity

Important

Fri, 29 May 2026 02:30:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds GPU Write Allowing Sandbox Escape in Google Chrome

Fri, 29 May 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-787
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T15:25:29.336Z

Reserved: 2026-05-28T17:25:03.838Z

Link: CVE-2026-9967

cve-icon Vulnrichment

Updated: 2026-05-29T15:25:23.513Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-28T23:16:54.913

Modified: 2026-05-29T16:16:39.157

Link: CVE-2026-9967

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9967 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T14:15:37Z

Weaknesses