CVE-2026-5282: Out of bounds read in Google Chrome
CVE-2026-5282 is a high-severity vulnerability in Google Chrome's WebCodecs component prior to version 146. 0. 7680. 178. It allows a remote attacker to perform an out of bounds memory read by crafting a malicious HTML page. This vulnerability can lead to information disclosure and potentially impact the availability of the browser. The issue is categorized as CWE-125 (Out-of-bounds Read).
AI Analysis
Technical Summary
This vulnerability involves an out of bounds read in the WebCodecs feature of Google Chrome versions before 146.0.7680.178. An attacker can exploit this by delivering a specially crafted HTML page that triggers the out of bounds memory read, potentially exposing sensitive information or causing a denial of service. The CVSS v3.1 base score is 8.1, indicating high severity, with attack vector being network, no privileges required, user interaction required, and impacts confidentiality and availability.
Potential Impact
Successful exploitation can result in unauthorized disclosure of memory contents and may cause a denial of service condition in the affected browser. There is no indication of integrity impact. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
A fixed version of Google Chrome (146.0.7680.178 or later) addresses this vulnerability. Users and administrators should update to this version or later to remediate the issue. Since this is not a cloud service, patching the client software is required. Patch status is not explicitly confirmed in vendor advisory content, so verify with official Google Chrome security updates for the latest remediation guidance.
CVE-2026-5282: Out of bounds read in Google Chrome
Description
CVE-2026-5282 is a high-severity vulnerability in Google Chrome's WebCodecs component prior to version 146. 0. 7680. 178. It allows a remote attacker to perform an out of bounds memory read by crafting a malicious HTML page. This vulnerability can lead to information disclosure and potentially impact the availability of the browser. The issue is categorized as CWE-125 (Out-of-bounds Read).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves an out of bounds read in the WebCodecs feature of Google Chrome versions before 146.0.7680.178. An attacker can exploit this by delivering a specially crafted HTML page that triggers the out of bounds memory read, potentially exposing sensitive information or causing a denial of service. The CVSS v3.1 base score is 8.1, indicating high severity, with attack vector being network, no privileges required, user interaction required, and impacts confidentiality and availability.
Potential Impact
Successful exploitation can result in unauthorized disclosure of memory contents and may cause a denial of service condition in the affected browser. There is no indication of integrity impact. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
A fixed version of Google Chrome (146.0.7680.178 or later) addresses this vulnerability. Users and administrators should update to this version or later to remediate the issue. Since this is not a cloud service, patching the client software is required. Patch status is not explicitly confirmed in vendor advisory content, so verify with official Google Chrome security updates for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-03-31T20:07:13.580Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69cca4c2e6bfc5ba1d9930dd
Added to database: 4/1/2026, 4:53:22 AM
Last enriched: 4/8/2026, 10:39:59 AM
Last updated: 5/20/2026, 6:31:28 AM
Views: 51
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.