Description
Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is an integer overflow in the V8 JavaScript engine used by Google Chrome versions earlier than 148.0.7778.216. A crafted HTML page can trigger the overflow, allowing a remote attacker to execute arbitrary code within the browser's sandbox. This vulnerability is categorized as a high-severity issue and is linked to CWE-190, Integer Overflow or Wraparound, and CWE-472, Improper Handling of Signed Integers.

Affected Systems

Google Chrome browsers running any build prior to 148.0.7778.216 are affected, regardless of platform. Users of these versions are at risk of code execution when opening malicious web pages.

Risk and Exploitability

The vulnerability is exploitable remotely via a web page that a user visits. No local privileges or additional software are required beyond the presence of the vulnerable browser, making it widely reachable. The CVSS score is 8.8, indicating a high severity vulnerability, and the EPSS score is less than 1%, indicating a very low exploitation probability. The vulnerability is not listed in the CISA KEV catalog, but the potential impact of remote code execution warrants prompt action.

Generated by OpenCVE AI on May 29, 2026 at 15:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 148.0.7778.216 or later
  • Enable and use Chrome's Sandbox and Site Isolation features to limit privilege escalation
  • Restrict or disable JavaScript execution on untrusted sites through browser settings or a content security policy



Advisories

No advisories yet.

History

Fri, 29 May 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Integer Overflow in V8 Engine chromium-browser: Integer overflow in V8
Weaknesses CWE-190
References
Metrics threat_severity

None

threat_severity

Important


Fri, 29 May 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 29 May 2026 01:15:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Integer Overflow in V8 Engine

Fri, 29 May 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-472
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T10:58:53.116Z

Reserved: 2026-05-28T17:25:04.130Z

Link: CVE-2026-9968

Vulnrichment

Updated: 2026-05-29T10:52:20.925Z

NVD

Status: Analyzed

Published: 2026-05-28T23:16:55.017

Modified: 2026-05-29T16:44:19.430

Link: CVE-2026-9968

Redhat

Severity: Important

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9968 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T15:30:04Z

Weaknesses