Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Cross-origin data leakage in Google Chrome's Dawn WebGPU implementation on Windows affects all versions prior to 148.0.7778.216. The out-of-bounds read (CWE-125) in the Dawn graphics layer allows remote unauthenticated attackers to exfiltrate cross-origin data by enticing a user to visit a crafted HTML page, exploiting improper buffer boundary enforcement during GPU operations. No public exploit code or CISA KEV listing exists at time of analysis; EPSS at 0.03% (11th percentile) indicates very low automated exploitation likelihood, consistent with the moderate CVSS 4.3 score and required user interaction.
Technical ContextAI
Dawn is Google's open-source, cross-platform implementation of the WebGPU and WebGL graphics APIs, integrated into Chromium as the GPU abstraction layer for hardware-accelerated rendering. CWE-125 (Out-of-bounds Read) identifies the root cause as reading memory past the end of an allocated buffer within Dawn's graphics processing pipeline. On Windows, this class of vulnerability in a GPU context can expose memory contents across security origins - potentially leaking fragments of data belonging to other web origins or browser process state. The affected CPE is cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*, with the vulnerability explicitly scoped to the Windows platform per the CVE description. The 'Buffer Overflow' tag present in the intelligence metadata is a misnomer - CWE-125 is a read-only out-of-bounds operation, not a write, which meaningfully constrains exploitation potential relative to a true buffer overflow.
RemediationAI
Upgrade Google Chrome on Windows to version 148.0.7778.216 or later, as detailed in the Chrome Stable Channel Update advisory (http://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html). Chrome's built-in auto-update mechanism should deliver this patch automatically; users can verify their version by navigating to chrome://settings/help and triggering a manual update check. For enterprise environments, deploy the update via Google Admin Console or Chrome Browser Cloud Management. As a temporary compensating control pending patching, WebGPU access can be restricted via the Chrome enterprise policy or by setting the flag chrome://flags/#enable-unsafe-webgpu to disabled - note this will break any WebGPU-dependent web applications or games. Proxy-based URL filtering to restrict browsing to known-trusted domains reduces the likelihood of encountering a crafted exploit page, though this is not a substitute for patching.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, a
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, do
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33202
GHSA-mv3r-5x8j-pmcc