Description
Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Type Confusion in the Skia graphics library in Google Chrome allows a remote attacker to execute arbitrary code inside the browser sandbox through a crafted HTML page. The flaw arises from incorrect type handling, permitting an attacker to trigger code paths that bypass normal safety checks. In practice, this means that a visitor to a malicious website could run code that may compromise the user’s data or privacy.

Affected Systems

All deployments of Google Chrome before version 148.0.7778.216 are affected, regardless of operating system. The vulnerability is present in the desktop builds of Chrome. Users of earlier releases with no plan to upgrade remain exposed.

Risk and Exploitability

The Chromium security team has rated the issue as high severity, with a CVSS score of 8.8. The EPSS score is <1%, indicating a low but non‑zero probability that the vulnerability will be exploited in the wild. The flaw is triggered by a crafted HTML page, allowing remote code execution inside the browser sandbox with no user interaction beyond visiting the page. The vulnerability is not listed in CISA’s KEV catalog, so no known exploit is publicly documented. The potential impact is high because execution of arbitrary code in the sandbox could be leveraged to escape the sandbox and access sensitive data or cause other system compromise.

Generated by OpenCVE AI on May 29, 2026 at 14:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 148.0.7778.216 or later
  • Verify that Chrome’s sandbox feature remains enabled and has not been disabled by policy or user configuration
  • If upgrading is not immediately possible, use a more recent browser or enforce stricter content security policies to limit execution of untrusted code

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Fri, 29 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: Type Confusion in Skia
References
Metrics threat_severity

None

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Important


Fri, 29 May 2026 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-843
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T12:33:06.218Z

Reserved: 2026-05-28T17:25:07.442Z

Link: CVE-2026-9983

Vulnrichment

Updated: 2026-05-29T12:33:02.850Z

NVD

Status: Analyzed

Published: 2026-05-28T23:16:56.537

Modified: 2026-05-29T16:42:15.363

Link: CVE-2026-9983

Red Hat

Severity: Important

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9983 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T14:45:06Z

Weaknesses