CVE-2026-4674EXPLOITEDPATCHED

google · chrome

Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Description

Affected Products

Vendor	Product	Versions
google	chrome	< 146.0.7680.164

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html(Release Notes, Vendor Advisory)
https://issues.chromium.org/issues/488188166(Permissions Required)

Related News (1 articles)

Tier A

Microsoft MSRC2d ago

Chromium: CVE-2026-4674 Out of bounds read in CSS

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available146.0.7680.164

CWECWE-125

PublishedMar 24, 2026

Last enriched3d agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-4677EXP

Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity

Trending: 37

HIGHCVE-2026-4680EXP

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Trending: 37

HIGHCVE-2026-4673EXP

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Trending: 37

HIGHCVE-2026-4679EXP

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Trending: 29

HIGHCVE-2026-4675EXP

Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Trending: 29

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 24, 2026

Actively Exploited

Mar 24, 2026

Exploit Available

Mar 24, 2026

Patch Available

Mar 24, 2026

Discovered by ZDM

Mar 26, 2026

Updated: exploitAvailable, activelyExploited, tags

Mar 27, 2026

Version History

Last enriched 3d ago

v2Tier A3d ago

Marked exploit availability as true, actively exploited status as true, and added new tag CVE-2026-4674.

exploitAvailableactivelyExploitedtags

via Microsoft MSRC

v14d ago

Initial creation