Is Chrome affected by CVE-2026-4674?

Organizations using CSS in Google Chrome face significant risk from CVE-2026-4674, a out-of-bounds read vulnerability rated CVSS 8.8. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems.

CVE-2026-4674

EUVD-2026-14678 HIGH

2026-03-24 Chrome

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 24, 2026 - 01:00 nvd

Patch available

Analysis Generated

Mar 24, 2026 - 00:45 vuln.today

EUVD ID Assigned

Mar 24, 2026 - 00:45 euvd

EUVD-2026-14678

CVE Published

Mar 24, 2026 - 00:24 nvd

HIGH 8.8

Description

Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Analysis

Out of bounds memory read in Google Chrome's CSS parser prior to version 146.0.7680.165 allows remote attackers to access sensitive memory contents through a malicious HTML page. The vulnerability requires user interaction and affects Chrome on multiple platforms including Debian systems, enabling attackers to potentially leak confidential data with high impact on confidentiality and integrity.

Remediation

Within 7 days: Identify all affected systems running CSS in Google Chrome and apply vendor patches promptly. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

Vendor Status

Debian

chromium

Release	Status	Fixed Version	Urgency
bullseye (security), bullseye	vulnerable	120.0.6099.224-1~deb11u1	-
bookworm	vulnerable	143.0.7499.169-1~deb12u1	-
bookworm (security)	vulnerable	146.0.7680.153-1~deb12u1	-
trixie	vulnerable	145.0.7632.159-1~deb13u1	-
trixie (security)	vulnerable	146.0.7680.153-1~deb13u1	-
forky	vulnerable	146.0.7680.153-1	-
sid	fixed	146.0.7680.164-1	-
bullseye	fixed	(unfixed)	end-of-life
(unstable)	fixed	146.0.7680.164-1	-

CVE-2026-4674 vulnerability details – vuln.today

Back

CVE-2026-4674

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Debian

Share

CVE-2026-4674

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Debian

Share

External POC / Exploit Code