This vulnerability involves an integer overflow in the ANGLE graphics engine used by Google Chrome on Windows. The overflow can be triggered remotely via a specially crafted HTML page, leading to an out-of-bounds memory write. Such a memory corruption issue could potentially be leveraged for arbitrary code execution or other malicious outcomes. The affected versions are those prior to Chrome 148.0.7778.168. The vulnerability was publicly disclosed on May 14, 2026, with a Chromium security severity rating of Critical. The vendor advisory URL is provided but does not explicitly state patch or remediation details.

A remote attacker can exploit this vulnerability by convincing a user to visit a maliciously crafted HTML page, which triggers an integer overflow in ANGLE causing an out-of-bounds memory write. This could lead to memory corruption and potentially allow execution of arbitrary code or other critical impacts on the affected system. No known exploits in the wild have been reported so far.

Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html for current remediation guidance. Users should update to Chrome version 148.0.7778.168 or later once confirmed available. Until then, exercise caution when visiting untrusted websites.