EUVD-2026-36607
GHSA-2m3r-7r37-rw4c
Lifecycle Timeline
1DescriptionCVE.org
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash.
The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.
Analysis
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Kernel heap memory corruption in Imagination Technologies Graphics DDK allows a non-privileged local user to crash or de
Local privilege escalation and integrity compromise in Imagination Technologies Graphics DDK (GPU driver) allows non-pri
Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of
An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secur
Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pa
Share
External POC / Exploit Code
Leaving vuln.today