EUVD-2026-13479
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Analysis
An out of bounds read vulnerability exists in the Blink rendering engine of Google Chrome prior to version 146.0.7680.153, allowing remote attackers to read memory outside intended buffer boundaries via a specially crafted HTML page. This vulnerability (CWE-125) has been classified as High severity by the Chromium security team and enables information disclosure attacks without requiring user interaction beyond visiting a malicious webpage. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 7 days: Identify all affected systems running Blink in Google Chrome and apply vendor patches promptly. Vendor patch is available.
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| jammy | not-affected | code not present |
| noble | not-affected | code not present |
| questing | not-affected | code not present |
| upstream | released | - |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye (security), bullseye | vulnerable | 120.0.6099.224-1~deb11u1 | - |
| bookworm | fixed | 146.0.7680.153-1~deb12u1 | - |
| bookworm (security) | fixed | 146.0.7680.153-1~deb12u1 | - |
| trixie | fixed | 146.0.7680.153-1~deb13u1 | - |
| trixie (security) | fixed | 146.0.7680.153-1~deb13u1 | - |
| forky | vulnerable | 146.0.7680.80-1 | - |
| sid | fixed | 146.0.7680.153-1 | - |
| bullseye | fixed | (unfixed) | end-of-life |
| (unstable) | fixed | 146.0.7680.153-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today