CVE-2026-10019

Google · Chrome

An integer overflow vulnerability exists in the ANGLE graphics library component of Google Chrome prior to version 148.

Executive summary

An integer overflow flaw in the Google Chrome ANGLE component presents a high risk of memory corruption and potential code execution.

Vulnerability

This is an integer overflow vulnerability located within the ANGLE (Almost Native Graphics Layer Engine) component of the browser. Attackers may trigger this condition to cause memory corruption, potentially leading to arbitrary code execution.

Business impact

The CVSS score of 8.8 reflects the high potential impact of graphics-level vulnerabilities. Successful exploitation could enable browser-based attacks that compromise the user's session, resulting in unauthorized data access or complete system compromise.

Remediation

Immediate Action: Update Google Chrome to version 148 or later to resolve the integer overflow condition within the ANGLE library.

Proactive Monitoring: Monitor for browser performance degradation or repeated crashes, which are common indicators of memory corruption attempts.

Compensating Controls: Ensure that browser-based hardware acceleration settings are managed via policy to limit the attack surface if immediate patching is delayed.
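
Added example (not part of the original advisory or of any vendor tooling): a small triage pass that applies the three remediation items above to an endpoint inventory. The record field names, the crash threshold, and the sample data are assumptions constructed for illustration.

```python
from collections import Counter

FIXED_MAJOR = 148      # from the advisory: resolved in Chrome 148 or later
CRASH_THRESHOLD = 3    # assumption: crash count per host that warrants review


def parse_major(version):
    """Return the major number of a Chrome version string, or None if unparseable."""
    head = str(version).strip().split(".", 1)[0]
    return int(head) if head.isascii() and head.isdigit() else None


def triage(inventory, crash_events):
    """Map each host name to findings for patch state, policy state and crashes."""
    crashes = Counter(event["host"] for event in crash_events)
    report = {}
    for host in inventory:
        findings = []
        major = parse_major(host["chrome_version"])
        if major is None:
            # Missing or malformed version data must not be read as "patched".
            findings.append("version-unknown")
        elif major < FIXED_MAJOR:
            findings.append("unpatched")
            # The compensating control only matters while the patch is pending.
            if not host["hw_accel_managed"]:
                findings.append("no-compensating-policy")
        if crashes[host["name"]] >= CRASH_THRESHOLD:
            findings.append("repeated-crashes")
        report[host["name"]] = findings
    return report


# Constructed sample data; hypothetical hosts and field names.
INVENTORY = [
    {"name": "ws-01", "chrome_version": "147.0.1.2", "hw_accel_managed": False},
    {"name": "ws-02", "chrome_version": "148.0.0.1", "hw_accel_managed": False},
    {"name": "ws-03", "chrome_version": "146.0.9.9", "hw_accel_managed": True},
    {"name": "ws-04", "chrome_version": "", "hw_accel_managed": True},
]
CRASHES = [{"host": "ws-01"}] * 3 + [{"host": "ws-02"}]

if __name__ == "__main__":
    for name, findings in triage(INVENTORY, CRASHES).items():
        print(name, ", ".join(findings) or "ok")
```

Hosts reported as version-unknown should be investigated rather than assumed patched, since stale or missing inventory data is a common reason an unpatched browser goes unnoticed.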

Exploitation status

Public Exploit Available: false

Analyst recommendation

Memory corruption vulnerabilities in graphics components are frequent targets for exploitation. It is critical that security teams treat the update to version 148 as a high-priority task to mitigate the risk of remote code execution.