CVE-2026-9967
Out-of-Bounds Write in Google Chrome GPU
Publication date: 2026-05-28
Last updated on: 2026-05-29
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 148.0.7778.216 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out of bounds write in the GPU component of Google Chrome versions prior to 148.0.7778.216. It allows a remote attacker to potentially escape the browser's sandbox by using a specially crafted HTML page.
How can this vulnerability impact me? :
The impact of this vulnerability is that a remote attacker could exploit it to escape the sandbox environment of Google Chrome. This could lead to unauthorized access to the underlying system, potentially allowing the attacker to execute arbitrary code or compromise the system's security.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Google Chrome to version 148.0.7778.216 or later, as the issue affects versions prior to this release.