CVE-2026-15767
Google · Chrome
A heap buffer overflow in the libyuv library within Google Chrome on Windows allows for potential code execution.
Executive summary
A heap buffer overflow vulnerability in Google Chrome's libyuv component presents a critical risk of unauthorized code execution on Windows systems.
Vulnerability
This is a heap buffer overflow vulnerability located in the libyuv library. The vulnerability is triggered by user interaction, specifically when a user is enticed to process malicious content, and does not require prior authentication.
Business impact
A heap buffer overflow can lead to application crashes or, more severely, the execution of arbitrary code with the privileges of the browser process. With a CVSS score of 8.8, this vulnerability represents a significant threat to user workstations, as it could facilitate the installation of malware or the theft of sensitive browser-stored credentials.
Remediation
Immediate Action: Update Google Chrome to the latest stable version immediately to incorporate the necessary security fixes.
Proactive Monitoring: Review endpoint protection logs for alerts related to browser process crashes or suspicious network activity originating from Chrome.
Compensating Controls: Deploy web filtering and email security solutions to block malicious websites or attachments that might trigger the buffer overflow.
Exploitation status
Public Exploit Available: No (unknown)
Analyst recommendation
Browser-based vulnerabilities are high-value targets for attackers because they are easily reached via the internet. Administrators must ensure that all Chrome installations are updated to the fixed version to neutralize this risk and protect against potential remote code execution.