EUVD-2026-17812
2026-04-01
Chrome
8.8
CVSS 3.1
Share
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Lifecycle Timeline
4
Patch Released
Apr 01, 2026 - 05:15 nvd
Patch available
Analysis Generated
Apr 01, 2026 - 05:15 vuln.today
EUVD ID Assigned
Apr 01, 2026 - 05:15 euvd
EUVD-2026-17812
CVE Published
Apr 01, 2026 - 04:41 nvd
HIGH 8.8
Description
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Analysis
Out-of-bounds read in WebCodecs component of Google Chrome prior to version 146.0.7680.178 allows remote attackers to read arbitrary memory contents via specially crafted HTML pages. The vulnerability affects all Chrome versions below the patched release and requires only HTML delivery (no authentication); exploitation could disclose sensitive data from the browser process memory, though the Chromium project assessed this as Medium severity.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
44
Low
Medium
High
Critical
KEV: 0
EPSS: +0.0
CVSS: +44
POC: 0
Vendor Status
Debian
chromium
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye (security), bullseye | vulnerable | 120.0.6099.224-1~deb11u1 | - |
| bookworm | vulnerable | 143.0.7499.169-1~deb12u1 | - |
| bookworm (security) | vulnerable | 146.0.7680.164-1~deb12u1 | - |
| trixie | vulnerable | 145.0.7632.159-1~deb13u1 | - |
| trixie (security) | vulnerable | 146.0.7680.164-1~deb13u1 | - |
| forky | vulnerable | 146.0.7680.153-1 | - |
| sid | fixed | 146.0.7680.177-1 | - |
| bullseye | fixed | (unfixed) | end-of-life |
| (unstable) | fixed | 146.0.7680.177-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).