CVE-2026-9121

Google · Chrome

An out-of-bounds read vulnerability exists in the GPU component of Google Chrome, potentially allowing unauthorized memory access.

Executive summary

A high-severity out-of-bounds read vulnerability in the Google Chrome GPU component could lead to information disclosure or system instability.

Vulnerability

This vulnerability involves an out-of-bounds read error within the GPU process of Google Chrome. The authentication requirement is not explicitly stated, but browser-based memory vulnerabilities of this kind are typically triggered by malicious web content without requiring user authentication.

Business impact

Successful exploitation of this memory-related vulnerability could result in the disclosure of sensitive information from system memory or cause the browser process to crash. With a CVSS score of 8.8, this flaw poses a significant risk to organizational endpoints, potentially facilitating further attacks or causing persistent service disruption.

Remediation

Immediate Action: Update all Google Chrome instances to the latest stable release (version 148 or later) as soon as it becomes available.

Proactive Monitoring: Monitor endpoint logs for abnormal browser process terminations or unusual memory usage patterns that may indicate exploitation.

Compensating Controls: Ensure that browser-based security features, such as site isolation and sandboxing, are enabled and enforced via group policy.
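The following is an added example, not part of the original advisory: a triage script that checks an endpoint inventory export against the fixed major version (148) and against enforcement of Chrome's SitePerProcess site-isolation policy. The CSV layout, column names, host names and version strings are constructed for illustration; only the major version comes from the advisory.

```python
import csv
import io
import re

# Advisory: fixed in "version 148 or later". Only the major version is given.
FIXED_MAJOR = 148

# Constructed sample export (hypothetical hosts, versions and column names).
SAMPLE_INVENTORY = """host,chrome_version,site_per_process
ws-001,148.0.0.1,true
ws-002,147.0.0.9,true
ws-003,148.0.0.1,
ws-004,Chrome (unknown),false
ws-005,99.0.0.0,true
"""


def chrome_major(version):
    """Return the major version as an int, or None if the string is not dotted-numeric."""
    m = re.fullmatch(r"(\d+)(?:\.\d+){1,3}", version.strip())
    return int(m.group(1)) if m else None


def triage(row):
    """Return the list of findings for one inventory row (empty list means compliant)."""
    findings = []
    major = chrome_major(row.get("chrome_version") or "")
    if major is None:
        # An unreadable version is a finding, not a pass: the host needs a manual check.
        findings.append("version-unreadable")
    elif major < FIXED_MAJOR:
        # Numeric comparison: as strings, "99" would sort after "148".
        findings.append("needs-update")
    # A blank policy value means the setting is not enforced by policy.
    if (row.get("site_per_process") or "").strip().lower() != "true":
        findings.append("site-isolation-not-enforced")
    return findings


def audit(csv_text):
    """Map each non-compliant host to its findings."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = triage(row)
        if findings:
            report[row["host"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {', '.join(findings)}")
```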

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability represents a significant risk to browser security and endpoint integrity. Administrators should prioritize the deployment of security updates across the enterprise to mitigate the potential for memory-based attacks.