Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Heap buffer overflow in the Media component of Google Chrome before 149.0.7827.53 enables remote attackers to achieve arbitrary code execution within the renderer sandbox after luring a user to a crafted HTML page and tricking them into performing specific UI gestures. Google rates the underlying Chromium issue as High severity, and while publicly available exploit code exists is not confirmed, vendor patches have been released through the Stable channel update. No active exploitation has been reported via CISA KEV at time of analysis.
Technical ContextAI
The flaw resides in Chrome's Media subsystem, which handles audio/video decoding, playback pipelines, and related HTML5 media element processing within the Blink/Chromium renderer process. CWE-122 (Heap-based Buffer Overflow) indicates that attacker-controlled media data causes a write past the bounds of a heap-allocated buffer, typically corrupting adjacent heap metadata or object pointers that can be steered into control-flow hijack. Because the affected CPE corresponds to the Chromium-based desktop browser (Chrome stable channel), the same code path likely impacts other Chromium derivatives (Edge, Brave, Opera, Vivaldi) until they uptake the upstream fix tracked in chromium issue 504587797.
RemediationAI
Vendor-released patch: Google Chrome 149.0.7827.53 - update Chrome on all desktop endpoints to 149.0.7827.53 or later via the Stable channel update documented at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html, and force a browser relaunch so the new binary is loaded. Managed environments should push the update via Chrome Browser Cloud Management, Group Policy (UpdateDefault/TargetVersionPrefix), or Jamf/Intune MDM and verify chrome://version reflects the fixed build. As a temporary compensating control until the update propagates, restrict browsing of untrusted media-heavy sites, disable autoplay (chrome://settings/content/sound), or enforce site isolation and strict Enhanced Safe Browsing; users of Chromium-derivative browsers (Edge, Brave, Opera, Vivaldi) should update once their respective vendors uptake the Chromium fix tracked at https://issues.chromium.org/issues/504587797. Note that disabling JavaScript or media globally will break most modern web functionality and is not a sustainable workaround.
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34395
GHSA-7xw6-44mq-f9j5