CVE-2026-9916
Out-of-Bounds Write in Google Chrome
Publication date: 2026-05-28
Last updated on: 2026-05-29
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 148.0.7778.216 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out of bounds write in ANGLE, a component used in Google Chrome. It affects versions of Google Chrome prior to 148.0.7778.216. A remote attacker who has already compromised the renderer process can exploit this vulnerability by using a specially crafted HTML page.
The exploitation could potentially allow the attacker to escape the sandbox environment that normally restricts the renderer process, leading to further compromise of the system.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a remote attacker to escape the sandbox protections of the renderer process in Google Chrome. This means the attacker could gain higher privileges on the affected system, potentially leading to unauthorized access, execution of arbitrary code, or further system compromise.