Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Remote code execution within Chrome's V8 sandbox affects all versions prior to 148.0.7778.96 when users visit malicious web pages. The out-of-bounds memory access vulnerability in V8 JavaScript engine enables arbitrary code execution with user interaction (visiting crafted HTML), rated high severity by Chromium team. EPSS and KEV data not available, but Google confirmed the vulnerability and released patches. Attack complexity is low (CVSS AC:L) with no authentication required, making this exploitable at scale once proof-of-concept becomes public.
Technical ContextAI
V8 is Google's open-source JavaScript and WebAssembly engine that powers Chrome and Node.js, responsible for executing JavaScript code in web pages. This vulnerability involves out-of-bounds memory access (likely buffer overflow or type confusion based on V8 historical patterns), where the engine accesses memory outside allocated boundaries when processing specially crafted JavaScript within HTML pages. The CPE string cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* confirms Google Chrome as the affected product across all platforms. While no CWE is assigned, typical V8 OOB vulnerabilities fall under CWE-125 (Out-of-bounds Read) or CWE-787 (Out-of-bounds Write). The sandboxed execution context (S:U in CVSS) means exploitation is contained within Chrome's renderer process initially, though combined with sandbox escape exploits this becomes a full system compromise vector.
RemediationAI
Immediately update Google Chrome to version 148.0.7778.96 or later via chrome://settings/help or allow automatic updates to apply (typically within 24-48 hours). For enterprise deployments using managed Chrome, push version 148.0.7778.96 through group policy or mobile device management systems as documented in Google's Chrome Enterprise release notes at chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html. Users of Chromium-based browsers should check vendor advisories and update to equivalent patched versions when available. No workarounds exist that maintain full browser functionality - the only compensating control is restricting web access to trusted domains via allowlist proxies, which severely impacts usability and breaks cloud applications. Organizations unable to patch immediately should deploy browser isolation solutions (remote browser technology) to contain rendering in cloud-based sandboxes, though this introduces latency and requires infrastructure investment. Extended Stable channel users should verify their update schedule includes this security fix.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, a
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, do
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13
Same weakness CWE-787 – Out-of-bounds Write
View allVendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27907