CVE-2026-9928
Google · Chrome
An out-of-bounds read vulnerability exists in the ANGLE graphics library component of Google Chrome on Windows prior to version 148.
Executive summary
An out-of-bounds read vulnerability in the ANGLE graphics component of Google Chrome on Windows presents a notable risk of information disclosure.
Vulnerability
This is an out-of-bounds read vulnerability located in the ANGLE graphics library. The flaw likely allows an attacker to read sensitive memory contents through specially crafted web content.
Business impact
With a CVSS score of 8.8, this vulnerability is considered High severity. Successful exploitation could lead to the unauthorized disclosure of sensitive information residing in memory, which may be leveraged to bypass security protections or assist in further attacks against the system.
Remediation
Immediate Action: Apply the vendor-provided security update to upgrade Chrome to version 148 or higher on all Windows workstations.
Proactive Monitoring: Review security logs for indicators of memory-based attacks or unusual browser crashes that may suggest attempts to trigger out-of-bounds read conditions.
Compensating Controls: Utilize endpoint protection platforms (EPP) with memory protection features to detect and block unauthorized memory access attempts.
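One way to verify the Immediate Action on a Windows workstation, as an added example that is not part of the original advisory or any vendor tooling. The install paths are Chrome's default locations, and the `new_chrome.exe` check assumes Chrome's usual behaviour of staging an in-use update under that name until the browser restarts; both are assumptions to adjust for custom deployments.

```powershell
# Added example: audit local Chrome installs against the fixed major version.
# Run elevated so per-user installs under other profiles are readable.
$FixedMajor = 148   # from the advisory: versions prior to 148 are affected

# Default machine-wide and per-user install roots (assumed locations).
$candidates = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "$env:SystemDrive\Users\*\AppData\Local\Google\Chrome\Application"
)
$roots = $candidates |
    ForEach-Object { Resolve-Path -Path $_ -ErrorAction SilentlyContinue } |
    Select-Object -ExpandProperty Path -Unique

$results = foreach ($root in $roots) {
    $exe = Join-Path $root 'chrome.exe'
    if (-not (Test-Path -LiteralPath $exe)) { continue }

    # chrome.exe on disk is the build that launches; read its product version.
    $raw = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
    $ver = $null
    $ok  = [version]::TryParse($raw, [ref]$ver)

    [pscustomobject]@{
        Path           = $exe
        Version        = $raw
        # $null means the version string could not be parsed: treat as unverified.
        Vulnerable     = if ($ok) { $ver.Major -lt $FixedMajor } else { $null }
        # A staged update that only takes effect after the browser restarts.
        RestartPending = Test-Path -LiteralPath (Join-Path $root 'new_chrome.exe')
    }
}

if (-not $results) {
    Write-Output 'No Chrome installation found in the default locations.'
    exit 0
}

$results | Format-Table -AutoSize

# Non-zero exit lets a management agent flag the host for follow-up.
$bad = @($results | Where-Object { $_.Vulnerable -ne $false })
if ($bad.Count -gt 0) { exit 1 } else { exit 0 }
```

A host that reports `Vulnerable = True` together with `RestartPending = True` has the update downloaded but is still running the affected build until Chrome is relaunched.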
Exploitation status
Public Exploit Available: false
Analyst recommendation
High-severity browser vulnerabilities require prompt remediation to prevent information leakage. Organizations must ensure that all Windows-based Chrome endpoints are patched to the latest version to neutralize this memory-based threat.