CVE-2026-4450
Published: 20 March 2026
Description
Adversaries may exploit software vulnerabilities in client applications to execute code.
Security Summary
CVE-2026-4450 is an out-of-bounds write vulnerability (CWE-787) in the V8 JavaScript engine within Google Chrome prior to version 146.0.7680.153. This issue enables a remote attacker to potentially exploit heap corruption by processing a crafted HTML page. Chromium security severity is rated as High, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A remote attacker can exploit this vulnerability over the network with low complexity and no privileges required, though it depends on user interaction such as visiting a malicious webpage. Successful exploitation could lead to high-impact consequences, including unauthorized disclosure of information, modification of data, and denial of service through heap corruption.
Google Chrome version 146.0.7680.153 addresses this vulnerability. Security practitioners should consult the Chrome stable channel update at https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html and the associated Chromium issue at https://issues.chromium.org/issues/487746373 for patch details and advisory information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds write in V8 JavaScript engine enables heap corruption via crafted HTML page, facilitating drive-by compromise (T1189) and exploitation for client execution (T1203) with user interaction limited to visiting the malicious webpage.