Skip to main content

Google Chrome CVE-2026-10946

| EUVDEUVD-2026-34395 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-04 chrome-cve-admin@google.com GHSA-7xw6-44mq-f9j5
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
8.8 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 05, 2026 - 02:47 vuln.today
CVSS changed
Jun 05, 2026 - 02:22 NVD
7.5 (HIGH)
CVE Published
Jun 04, 2026 - 23:16 nvd
HIGH 7.5
CVE Published
Jun 04, 2026 - 23:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Heap buffer overflow in the Media component of Google Chrome before 149.0.7827.53 enables remote attackers to achieve arbitrary code execution within the renderer sandbox after luring a user to a crafted HTML page and tricking them into performing specific UI gestures. Google rates the underlying Chromium issue as High severity, and while publicly available exploit code exists is not confirmed, vendor patches have been released through the Stable channel update. No active exploitation has been reported via CISA KEV at time of analysis.

Technical ContextAI

The flaw resides in Chrome's Media subsystem, which handles audio/video decoding, playback pipelines, and related HTML5 media element processing within the Blink/Chromium renderer process. CWE-122 (Heap-based Buffer Overflow) indicates that attacker-controlled media data causes a write past the bounds of a heap-allocated buffer, typically corrupting adjacent heap metadata or object pointers that can be steered into control-flow hijack. Because the affected CPE corresponds to the Chromium-based desktop browser (Chrome stable channel), the same code path likely impacts other Chromium derivatives (Edge, Brave, Opera, Vivaldi) until they uptake the upstream fix tracked in chromium issue 504587797.

RemediationAI

Vendor-released patch: Google Chrome 149.0.7827.53 - update Chrome on all desktop endpoints to 149.0.7827.53 or later via the Stable channel update documented at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html, and force a browser relaunch so the new binary is loaded. Managed environments should push the update via Chrome Browser Cloud Management, Group Policy (UpdateDefault/TargetVersionPrefix), or Jamf/Intune MDM and verify chrome://version reflects the fixed build. As a temporary compensating control until the update propagates, restrict browsing of untrusted media-heavy sites, disable autoplay (chrome://settings/content/sound), or enforce site isolation and strict Enhanced Safe Browsing; users of Chromium-derivative browsers (Edge, Brave, Opera, Vivaldi) should update once their respective vendors uptake the Chromium fix tracked at https://issues.chromium.org/issues/504587797. Note that disabling JavaScript or media globally will break most modern web functionality and is not a sustainable workaround.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-10946 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy