Description
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Out of bounds write occurs in the GPU code of Google Chrome before version 148.0.7778.216 and can be triggered by a crafted HTML page displayed in a compromised renderer process; the flaw, a classic CWE-787 buffer overrun, allows the attacker to corrupt memory and potentially escape the renderer sandbox to execute code with higher privileges.

Affected Systems

Google Chrome browsers on any operating system that are running a version earlier than 148.0.7778.216 are affected; the issue is limited to the renderer process and is triggered by maliciously crafted or compromised web content.

Risk and Exploitability

The CVSS score of 9.0 indicates critical severity and, though the EPSS score is less than 1 %, the high Chromium severity and absence from the KEV catalog still make exploitation a serious threat; the attack requires first compromising the renderer process, which can be achieved by a malicious web page or an existing vulnerability, after which the sandbox escape could provide system-wide access.

Generated by OpenCVE AI on May 29, 2026 at 15:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 148.0.7778.216 or later to receive the patch.
  • If an upgrade is not immediately possible, launch Chrome with the --disable-gpu flag to prevent GPU path usage.
  • Enable Site Isolation by setting the --site-per-process flag to isolate renderer processes and reduce the impact of a potential sandbox escape.

Generated by OpenCVE AI on May 29, 2026 at 15:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title GPU Out‑of‑Bounds Write in Chrome Enables Potential Sandbox Escape chromium-browser: Out of bounds write in GPU
References
Metrics threat_severity

None

 cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Important

Fri, 29 May 2026 01:15:00 +0000

Type Values Removed Values Added
Title GPU Out‑of‑Bounds Write in Chrome Enables Potential Sandbox Escape

Fri, 29 May 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-787
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T15:23:16.555Z

Reserved: 2026-05-28T17:25:05.569Z

Link: CVE-2026-9974

cve-icon Vulnrichment

Updated: 2026-05-29T15:23:12.805Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-28T23:16:55.623

Modified: 2026-05-29T16:16:39.487

Link: CVE-2026-9974

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9974 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:30:04Z

Weaknesses