
Google Chrome EUVD-2026-35267

CVE-2026-11667 · HIGH
Out-of-bounds Read (CWE-125)
2026-06-09 · chrome-cve-admin@google.com · GHSA-wx6h-3mh7-h885
7.5 (CVSS 3.1, NVD)

Severity by source

Source    Score  Severity   Basis
NVD       7.5    HIGH       primary; CVSS 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE      -      CRITICAL   qualitative
Red Hat   8.3    HIGH       qualitative

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (4 events)

Jun 09, 2026 11:28  vuln.today  Analysis generated
Jun 09, 2026 11:22  NVD         CVSS changed: 7.5 (HIGH)
Jun 09, 2026 00:16  nvd         CVE published: UNKNOWN (no severity yet)
Jun 09, 2026 00:16  nvd         CVE published: HIGH 7.5

Description (CVE.org)

Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the GPU process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Analysis (AI)

Out-of-bounds read in the WebRTC component of Google Chrome before 149.0.7827.103 enables a remote attacker who has already compromised the GPU process to escalate into heap corruption via a crafted HTML page. Google rates this High severity and a vendor patch is available; no public exploit identified at time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Lure victim to crafted page
Delivery: Trigger prior GPU process compromise
Exploit: Invoke WebRTC from attacker JS
Install: Out-of-bounds read leaks heap layout
C2: Shape allocations into heap corruption
Execute: Chain to sandbox escape
Impact: Achieve broader browser compromise

Vulnerability Assessment (AI)

Exploitation: Exploitation requires three preconditions stated in or implied by the advisory: (1) the attacker must already have compromised the Chrome GPU process through a separate, prior vulnerability, so this bug is a link in a chain rather than an entry point; (2) the victim must load attacker-controlled HTML in Chrome (UI:R), typically by clicking a link or visiting a malicious site; (3) the browser must be a Chrome desktop build earlier than 149.0.7827.103 with WebRTC enabled (the default). …
Risk Assessment: The CVSS 7.5 vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) describes a high-impact but high-complexity remote bug that requires user interaction (visiting a crafted page) and, per the description, a GPU process that is already compromised. That precondition is a meaningful limiter that CVSS does not fully model: the GPU process is itself a sandboxed helper process, so a bug reachable only from it is an escalation primitive for an attacker who is already inside the browser, not a way in. …
Exploit Scenario: An attacker lures a target to a crafted HTML page (phishing link, malvertising, or watering hole) that first triggers a separate GPU-process vulnerability to gain code execution inside the GPU sandbox. From that foothold, the page invokes WebRTC APIs to reach the out-of-bounds read; the read leaks heap layout, and the attacker then shapes allocations to turn it into heap corruption, the next link in an escape chain toward compromise of the more privileged browser process. …
Remediation: Vendor patch: Google Chrome 149.0.7827.103 (stable channel). Upgrade all desktop installs per the Chrome Releases advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html and track upstream details in the Chromium issue tracker entry at https://issues.chromium.org/issues/514671098. Confirm the rollout by checking that the running version (chrome://version, or the version reported by your endpoint inventory) is 149.0.7827.103 or later; a pending update that has not been applied by a browser restart does not count. Distribution builds of Chromium carry their own fixed package versions (see the vendor status below). …

Recommended Action (AI)

Within 24 hours: Identify Chrome deployment scope across the organization and enable automatic updates if not already active. …
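The "identify deployment scope" step comes down to comparing every reported Chrome version against the fixed build. The script below is an added example, not vuln.today's or Google's code: it takes a constructed host,version inventory (the kind an MDM or EDR console exports; the hostnames are made up) and buckets hosts as vulnerable, fixed, or unknown against 149.0.7827.103. The one thing worth getting right is that Chrome versions are four integer fields, so they must be compared numerically, never as strings.

```python
"""Triage a Chrome inventory against the fixed version for CVE-2026-11667.

Added example (not code from vuln.today, Google, or any MDM vendor). The only
fact taken from the advisory is the fixed version string.
"""
from __future__ import annotations

import csv
import io

FIXED_VERSION = "149.0.7827.103"  # stable-channel fix named on this page


def parse_version(text: str) -> tuple[int, ...]:
    """Chrome versions are MAJOR.MINOR.BUILD.PATCH. Compare them as integer
    tuples: as strings, '149.0.7827.99' sorts *after* '149.0.7827.103', which
    would mark a vulnerable host as patched."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fixed one."""
    return parse_version(version) < parse_version(fixed)


def triage(inventory_csv: str, fixed: str = FIXED_VERSION) -> dict[str, list[str]]:
    """Bucket hosts from a 'host,version' CSV into vulnerable / fixed / unknown.

    A missing or unparseable version goes to 'unknown' rather than 'fixed':
    a host whose Chrome version cannot be read has not been shown to be patched.
    """
    buckets: dict[str, list[str]] = {"vulnerable": [], "fixed": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host, version = row["host"], row["version"]
        try:
            key = "vulnerable" if is_vulnerable(version, fixed) else "fixed"
        except ValueError:
            key = "unknown"
        buckets[key].append(host)
    return buckets


# Constructed sample inventory (hostnames and versions invented for this example).
SAMPLE_INVENTORY = """host,version
ws-001,149.0.7827.103
ws-002,149.0.7827.99
ws-003,148.0.7790.120
ws-004,149.0.7840.51
ws-005,
ws-006,150.0.7900.10
"""

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:10s} {', '.join(hosts) or '-'}")
```

Feed it the real export instead of SAMPLE_INVENTORY and the "vulnerable" and "unknown" buckets together are the 24-hour work list; "unknown" hosts need an inventory fix before they can be closed, not an assumption that auto-update handled them.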


Vendor Status

SUSE

Severity: Critical
Product status:
openSUSE Leap 16.0: Fixed
openSUSE Tumbleweed: Fixed
