CVE-2026-9910

Google · Chrome

An out-of-bounds memory access vulnerability in the ANGLE graphics engine of Google Chrome may lead to application crashes or arbitrary code execution.

Executive summary

Google Chrome is affected by an out-of-bounds memory access vulnerability in the ANGLE engine that could allow attackers to bypass security controls and execute arbitrary code.

Vulnerability

This vulnerability involves out-of-bounds memory access within the ANGLE (Almost Native Graphics Layer Engine) component. It is highly likely that an unauthenticated remote attacker could trigger this issue by enticing a user to visit a malicious website.

Business impact

Out-of-bounds memory access flaws can be leveraged to corrupt memory, leading to unauthorized data access or the execution of arbitrary code with the privileges of the browser process. With a CVSS score of 8.8, this vulnerability represents a significant risk to organizational endpoints, necessitating prompt remediation to prevent potential data breaches.

Remediation

Immediate Action: Apply the latest Google Chrome security updates to patch the ANGLE graphics engine.

Proactive Monitoring: Review endpoint logs for unexpected browser process terminations or unusual memory usage patterns.

Compensating Controls: Ensure that endpoint protection software is active and updated to detect common exploitation techniques associated with browser memory corruption.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Browser-based vulnerabilities of this nature are frequently targeted by threat actors. IT teams should verify that automatic updates are enabled for all users and enforce a policy requiring the latest browser version to ensure comprehensive protection.