CVE-2026-5274: Integer overflow in Google Chrome
CVE-2026-5274 is a high-severity integer overflow vulnerability in the Codecs component of Google Chrome versions prior to 146. 0. 7680. 178. This flaw allows a remote attacker to achieve arbitrary read and write capabilities by convincing a user to visit a specially crafted HTML page. The vulnerability has a CVSS score of 8. 8, indicating a significant risk. There are no known exploits in the wild at this time. No explicit patch or vendor advisory details are provided in the input data.
AI Analysis
Technical Summary
An integer overflow vulnerability exists in the Codecs module of Google Chrome before version 146.0.7680.178. This vulnerability enables remote attackers to perform arbitrary memory read and write operations via a crafted HTML page, potentially leading to code execution or other impacts. The CVSS 3.1 base score is 8.8, reflecting high confidentiality, integrity, and availability impacts with network attack vector and no privileges required but user interaction needed.
Potential Impact
Successful exploitation allows remote attackers to read and write arbitrary memory in the browser process, which can lead to execution of arbitrary code, data corruption, or browser crashes. The high CVSS score reflects the critical impact on confidentiality, integrity, and availability of the affected system. No known exploits have been reported in the wild so far.
Mitigation Recommendations
Patch status is not yet confirmed — check the official Google Chrome security advisories for the availability of an official fix or update. Until a patch is confirmed, users should exercise caution when visiting untrusted websites and consider disabling or restricting the use of vulnerable codecs if possible.
CVE-2026-5274: Integer overflow in Google Chrome
Description
CVE-2026-5274 is a high-severity integer overflow vulnerability in the Codecs component of Google Chrome versions prior to 146. 0. 7680. 178. This flaw allows a remote attacker to achieve arbitrary read and write capabilities by convincing a user to visit a specially crafted HTML page. The vulnerability has a CVSS score of 8. 8, indicating a significant risk. There are no known exploits in the wild at this time. No explicit patch or vendor advisory details are provided in the input data.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
An integer overflow vulnerability exists in the Codecs module of Google Chrome before version 146.0.7680.178. This vulnerability enables remote attackers to perform arbitrary memory read and write operations via a crafted HTML page, potentially leading to code execution or other impacts. The CVSS 3.1 base score is 8.8, reflecting high confidentiality, integrity, and availability impacts with network attack vector and no privileges required but user interaction needed.
Potential Impact
Successful exploitation allows remote attackers to read and write arbitrary memory in the browser process, which can lead to execution of arbitrary code, data corruption, or browser crashes. The high CVSS score reflects the critical impact on confidentiality, integrity, and availability of the affected system. No known exploits have been reported in the wild so far.
Mitigation Recommendations
Patch status is not yet confirmed — check the official Google Chrome security advisories for the availability of an official fix or update. Until a patch is confirmed, users should exercise caution when visiting untrusted websites and consider disabling or restricting the use of vulnerable codecs if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-03-31T20:07:10.977Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69cca4c0e6bfc5ba1d99304d
Added to database: 4/1/2026, 4:53:20 AM
Last enriched: 4/8/2026, 6:36:58 AM
Last updated: 5/21/2026, 3:24:52 PM
Views: 59
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.