CVE-2026-15114
Google · Chrome
An out-of-bounds read and write vulnerability exists within the Codecs component of Google Chrome, which can be exploited by remote attackers.
Executive summary
A critical out-of-bounds read/write vulnerability in the Google Chrome Codecs component allows for remote code execution or system instability via malicious web content.
Vulnerability
This vulnerability involves out-of-bounds memory access within the browser's Codecs implementation. It is an unauthenticated, user-assisted attack vector where a user is tricked into processing malicious media content.
Business impact
The CVSS score of 8.8 reflects the high potential for total impact on confidentiality, integrity, and availability. Successful exploitation could lead to unauthorized access to sensitive user data, system crashes, or the execution of arbitrary code, posing a severe threat to enterprise security and data privacy.
Remediation
Immediate Action: Apply the vendor-provided security update to version 150.0.7871.115 or later across the entire environment.
Proactive Monitoring: Review web proxy and browser security logs for anomalous traffic patterns or attempts to load malformed media files.
Compensating Controls: Deploy or maintain browser-based security policies that restrict the execution of untrusted scripts and media content where possible.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability is highly severe and requires immediate attention. IT departments should enforce the update to the patched version of Chrome to ensure that browser memory is protected against out-of-bounds access attempts.