Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Out-of-bounds memory read in the GPU component of Google Chrome on macOS exposes process memory to remote attackers via a crafted HTML page. Affected versions are all Chrome releases prior to 148.0.7778.179 on Mac; Windows and Linux are not identified as affected. No public exploit or active exploitation has been identified at time of analysis, and SSVC confirms exploitation status as none with non-automatable attack delivery.
Technical ContextAI
The vulnerability is rooted in Chrome's GPU rendering subsystem on macOS, classified as CWE-125 (Out-of-Bounds Read). Chrome's GPU process is responsible for hardware-accelerated graphics operations, and a specially constructed HTML page can supply malformed rendering instructions that cause the GPU component to read beyond the boundaries of an allocated memory buffer. This class of vulnerability can expose adjacent process memory contents to the attacker. The affected product is identified by CPE cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*, with EUVD-2026-31163 specifying the vulnerable range as Chrome versions below 148.0.7778.179 on Mac. The GPU process boundary and macOS-specific code path narrow the scope relative to a cross-platform or browser-engine-level flaw.
RemediationAI
Update Google Chrome to version 148.0.7778.179 or later on macOS; this is the vendor-confirmed fix per the stable channel update advisory at https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html. Chrome's automatic update mechanism handles this for most users, but enterprise administrators should verify deployment via fleet management tooling. If immediate patching is blocked, disabling GPU hardware acceleration in Chrome (chrome://settings/system, toggle off 'Use graphics acceleration when available') may reduce exposure by shifting rendering away from the affected GPU code path - the trade-off is degraded rendering performance and potential visual glitches on graphics-intensive sites. Restricting user navigation to known-trusted domains via browser policy (URL allowlisting) addresses the user-interaction prerequisite but is operationally impractical in most environments. Patching to 148.0.7778.179 remains the only definitive remediation.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, a
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, do
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31163
GHSA-7rqh-fgfv-43q2