CVE-2026-9113: Out of bounds read in Google Chrome
Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
AI Analysis
Technical Summary
This vulnerability involves an out of bounds read in the GPU processing of Google Chrome on Mac platforms before version 148.0.7778.179. A remote attacker can trigger this by crafting a malicious HTML page that causes Chrome to read memory outside its intended bounds. The issue was assigned CVE-2026-9113 and is classified with high severity by Chromium security. The vulnerability was published on May 20, 2026, but no CVSS score or detailed remediation status is provided in the available data. The vendor advisory URL points to a Chrome stable channel update announcement, but patch status is not explicitly confirmed in the input.
Potential Impact
Successful exploitation of this vulnerability could lead to unauthorized reading of memory outside the intended buffer boundaries in the GPU process of Chrome on Mac. This may result in information disclosure or potentially aid in further exploitation chains. However, no known active exploits have been reported, and the exact impact beyond out of bounds memory read is not detailed.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html for current remediation guidance. Users of Google Chrome on Mac should monitor for updates and apply the latest stable version once confirmed to address this vulnerability. Until then, no specific mitigations are provided in the advisory.
CVE-2026-9113: Out of bounds read in Google Chrome
Description
Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves an out of bounds read in the GPU processing of Google Chrome on Mac platforms before version 148.0.7778.179. A remote attacker can trigger this by crafting a malicious HTML page that causes Chrome to read memory outside its intended bounds. The issue was assigned CVE-2026-9113 and is classified with high severity by Chromium security. The vulnerability was published on May 20, 2026, but no CVSS score or detailed remediation status is provided in the available data. The vendor advisory URL points to a Chrome stable channel update announcement, but patch status is not explicitly confirmed in the input.
Potential Impact
Successful exploitation of this vulnerability could lead to unauthorized reading of memory outside the intended buffer boundaries in the GPU process of Chrome on Mac. This may result in information disclosure or potentially aid in further exploitation chains. However, no known active exploits have been reported, and the exact impact beyond out of bounds memory read is not detailed.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html for current remediation guidance. Users of Google Chrome on Mac should monitor for updates and apply the latest stable version once confirmed to address this vulnerability. Until then, no specific mitigations are provided in the advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-05-20T17:39:21.044Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","vendor":"Google"}]
Threat ID: 6a0e0cd2ba1db473629e79a7
Added to database: 5/20/2026, 7:34:42 PM
Last enriched: 5/20/2026, 7:50:56 PM
Last updated: 5/21/2026, 5:27:11 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.