CVE-2026-9928

Google · Chrome

An out-of-bounds read vulnerability exists in the ANGLE graphics library component of Google Chrome on Windows prior to version 148.

Executive summary

An out-of-bounds read vulnerability in the ANGLE graphics component of Google Chrome on Windows presents a notable risk of information disclosure.

Vulnerability

This is an out-of-bounds read vulnerability located in the ANGLE graphics library. The flaw likely allows an attacker to read sensitive memory contents through specially crafted web content.

Business impact

With a CVSS score of 8.8, this vulnerability is considered High severity. Successful exploitation could lead to the unauthorized disclosure of sensitive information residing in memory, which may be leveraged to bypass security protections or assist in further attacks against the system.

Remediation

Immediate Action: Apply the vendor-provided security update to upgrade Chrome to version 148 or higher on all Windows workstations.

Proactive Monitoring: Review security logs for indicators of memory-based attacks or unusual browser crashes that may suggest attempts to trigger out-of-bounds read conditions.

Compensating Controls: Utilize endpoint protection platforms (EPP) with memory protection features to detect and block unauthorized memory access attempts.
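To verify the Immediate Action above across a fleet, the following added example (not part of the original advisory or any vendor tooling) triages an inventory export against the fixed version 148. The CSV layout, column names, host names and version strings are assumptions constructed for illustration.

```python
import csv
import io

FIXED_MAJOR = 148  # from the advisory: Chrome on Windows prior to 148 is affected

# Constructed sample inventory export; hosts and version strings are made up.
SAMPLE_INVENTORY = """host,os,chrome_version
ws-001,Windows,147.0.1000.10
ws-002,Windows,148.0.1000.5
ws-003,Windows,99.0.1000.1
mac-01,macOS,147.0.1000.10
ws-004,Windows,
ws-005,Windows,n/a
"""

def chrome_major(version):
    """Return the major version as an int, or None if the string is unusable."""
    head = version.strip().split(".", 1)[0]
    return int(head) if head.isascii() and head.isdigit() else None

def triage(inventory_csv, fixed_major=FIXED_MAJOR):
    """Sort Windows hosts into patched / vulnerable / unknown buckets."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["os"].strip().lower() != "windows":
            continue  # the advisory scopes the issue to Chrome on Windows
        # Compare numerically: as strings, "99" sorts after "148" and
        # ws-003 would be wrongly reported as patched.
        major = chrome_major(row["chrome_version"] or "")
        if major is None:
            result["unknown"].append(row["host"])  # needs manual follow-up
        elif major < fixed_major:
            result["vulnerable"].append(row["host"])
        else:
            result["patched"].append(row["host"])
    return result

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown bucket have no parseable version and should be checked directly rather than assumed patched.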

Exploitation status

Public Exploit Available: false

Analyst recommendation

High-severity browser vulnerabilities require prompt remediation to prevent information leakage. Organizations must ensure that all Windows-based Chrome endpoints are patched to the latest version to neutralize this memory-based threat.