CVE-2026-4673EXPLOITEDPATCHED

google · chrome

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Description

Affected Products

Vendor	Product	Versions
google	chrome	< 146.0.7680.164

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html(Release Notes, Vendor Advisory)
https://issues.chromium.org/issues/485397284(Permissions Required)

Related News (2 articles)

Tier A

Microsoft MSRC2d ago

Chromium: CVE-2026-4673 Heap buffer overflow in WebAudio

→ No new info (linked only)

Tier B

CERT-FR6d ago

Multiples vulnérabilités dans Google Chrome (24 mars 2026)

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available146.0.7680.164

CWECWE-122, CWE-787

PublishedMar 24, 2026

Last enriched1d agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-4677EXP

Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity

Trending: 37

HIGHCVE-2026-4680EXP

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Trending: 37

HIGHCVE-2026-4679EXP

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Trending: 29

HIGHCVE-2026-4674EXP

Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Trending: 29

HIGHCVE-2026-4675EXP

Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Trending: 29

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 24, 2026

Actively Exploited

Mar 24, 2026

Exploit Available

Mar 24, 2026

Patch Available

Mar 24, 2026

Discovered by ZDM

Mar 26, 2026

Updated: exploitAvailable, activelyExploited, tags

Mar 29, 2026

Version History

Last enriched 1d ago

v2Tier A1d ago

Updated vendor to Microsoft and product to Edge, marked exploit available and actively exploited, and added new tag CVE-2026-4673.

exploitAvailableactivelyExploitedtags

via Microsoft MSRC

v14d ago

Initial creation