CVE-2026-5292: Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of

Description

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Affected Products

Vendor	Product	Versions
webcodecs	in google chrome	146.0.7680.178

References

Related News (2 articles)

Tier C

VulDB11h ago

CVE-2026-5292 | Google Chrome up to 146.0.7680.165 WebCodecs out-of-bounds (ID 492213)

→ No new info (linked only)

Tier B

CERT-FR17h ago

Multiples vulnérabilités dans Google Chrome (01 avril 2026)

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

146.0.7680.178

CWECWE-125

PublishedApr 1, 2026

Last enriched10h agov2

Trending Score60

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

Version History

Last enriched 10h ago

v2Tier C10h ago

Updated description with more technical detail, changed severity to HIGH, and noted that the exploit is actively exploited.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v111h ago

Initial creation