CVE-2026-9965

Google · Chrome

An out-of-bounds write vulnerability in the ANGLE graphics component of Google Chrome could allow attackers to execute arbitrary code.

Executive summary

An out-of-bounds write vulnerability in the Google Chrome ANGLE component presents a critical risk of memory corruption and potential code execution.

Vulnerability

This is an out-of-bounds write vulnerability residing in the ANGLE (Almost Native Graphics Layer Engine) component. An attacker could exploit this by crafting a malicious web page that forces the browser to perform an invalid memory operation.

Business impact

The ability to perform an out-of-bounds write can be leveraged to corrupt memory, leading to browser instability or the execution of unauthorized code. With a CVSS score of 8.8, this vulnerability represents a significant threat to organizational security, potentially enabling attackers to escape the browser sandbox and impact the underlying operating system.

Remediation

Immediate Action: Apply the latest security patches provided by Google for the Chrome browser across all managed devices.

Proactive Monitoring: Monitor for increased crash rates in the GPU process or ANGLE-related components within browser logs.

Compensating Controls: Ensure that browser-based security policies are enforced and that endpoint detection and response (EDR) solutions are configured to monitor for suspicious process memory modifications.
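
One way to act on the Proactive Monitoring recommendation, shown as an added example that is not part of the original advisory: flag hosts whose GPU-process or ANGLE-attributed crash rate jumps against their own baseline. The record layout, host names, module prefixes and thresholds are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed, normalized crash records (not Chrome's own log format):
# timestamp, host, crashed process type, faulting module
SAMPLE = """\
2026-01-02T10:05:00,ws-014,gpu,libGLESv2.dll
2026-01-03T11:20:00,ws-022,gpu,libGLESv2.dll
2026-01-05T16:45:00,ws-022,gpu,chrome.dll
2026-01-08T09:01:00,ws-014,gpu,libGLESv2.dll
2026-01-08T09:07:00,ws-014,gpu,libGLESv2.dll
2026-01-08T13:30:00,ws-022,gpu,libGLESv2.dll
2026-01-09T08:15:00,ws-014,gpu,libGLESv2.dll
2026-01-09T10:00:00,ws-031,renderer,chrome.dll
2026-01-09T10:02:00,ws-031,renderer,chrome.dll
2026-01-09T10:09:00,ws-031,renderer,chrome.dll
"""

# Assumption: module-name prefixes used to attribute a crash to ANGLE.
ANGLE_MODULES = ("libglesv2", "libegl")

def is_gpu_or_angle(process, module):
    return process.lower() == "gpu" or module.lower().startswith(ANGLE_MODULES)

def crash_spikes(text, start, split, end, min_recent=3, ratio=3.0):
    """Hosts whose GPU/ANGLE crash rate in [split, end) is at least `ratio`
    times their rate in the baseline window [start, split)."""
    base, recent = Counter(), Counter()
    for ts, host, process, module in csv.reader(io.StringIO(text)):
        when = datetime.fromisoformat(ts)
        if start <= when < end and is_gpu_or_angle(process, module):
            (base if when < split else recent)[host] += 1
    base_days = (split - start).total_seconds() / 86400
    recent_days = (end - split).total_seconds() / 86400
    flagged = {}
    for host, count in recent.items():
        base_rate = base[host] / base_days
        recent_rate = count / recent_days
        # Floor the baseline at one crash per window so hosts with no history still compare.
        threshold = ratio * max(base_rate, 1 / base_days)
        if count >= min_recent and recent_rate >= threshold:
            flagged[host] = (round(base_rate, 2), round(recent_rate, 2))
    return flagged

if __name__ == "__main__":
    windows = [datetime(2026, 1, n) for n in (1, 8, 10)]
    print(crash_spikes(SAMPLE, *windows))
```

Renderer crashes outside ANGLE modules are deliberately ignored, so a host with unrelated instability does not mask or mimic a GPU-process spike.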

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams should treat this vulnerability with high urgency. Patching remains the most effective mitigation; ensure that all browser instances are updated to the current version to eliminate the underlying memory corruption risk.