CVE-2026-4675EXPLOITEDPATCHED

google · chrome

Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Description

Affected Products

Vendor	Product	Versions
google	chrome	< 146.0.7680.164

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html(Release Notes, Vendor Advisory)
https://issues.chromium.org/issues/488270257(Permissions Required)

Related News (1 articles)

Tier A

Microsoft MSRC3d ago

Chromium: CVE-2026-4675 Heap buffer overflow in WebGL

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available146.0.7680.164

CWECWE-122, CWE-787

PublishedMar 24, 2026

Last enriched1d agov2

Trending Score28

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-4676EXP

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Trending: 60

HIGHCVE-2026-4677EXP

Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity

Trending: 36

HIGHCVE-2026-4680EXP

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Trending: 36

HIGHCVE-2026-4673EXP

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Trending: 36

HIGHCVE-2026-4679EXP

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Trending: 28

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 24, 2026

Actively Exploited

Mar 24, 2026

Exploit Available

Mar 24, 2026

Patch Available

Mar 24, 2026

Discovered by ZDM

Mar 26, 2026

Updated: exploitAvailable, activelyExploited

Mar 29, 2026

Version History

Last enriched 1d ago

v2Tier A1d ago

Updated vendor to Microsoft and product to Edge, and marked exploit as available and actively exploited.

exploitAvailableactivelyExploited

via Microsoft MSRC

v14d ago

Initial creation