CVE-2026-7896
Integer Overflow in Google Chrome Blink Engine
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 148.0.7778.96 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-472 | The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer overflow in the Blink component of Google Chrome versions prior to 148.0.7778.96. An integer overflow occurs when a calculation exceeds the maximum size that can be stored in an integer variable, causing unexpected behavior. In this case, the overflow can lead to heap corruption when processing a specially crafted HTML page.
A remote attacker can exploit this flaw by delivering a malicious HTML page that triggers the overflow, potentially allowing them to execute arbitrary code or cause the browser to crash.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including remote code execution or denial of service. An attacker exploiting this flaw could potentially take control of your browser process, leading to unauthorized actions such as data theft, installation of malware, or disruption of normal browser operations.