{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4439", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-19T20:23:47.193Z", "datePublished": "2026-03-20T01:34:43.403Z", "dateUpdated": "2026-03-20T14:47:56.806Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.153", "status": "affected", "lessThan": "146.0.7680.153", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out of bounds memory access"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-20T01:34:43.403Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/475877320"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T14:35:20.473462Z", "id": "CVE-2026-4439", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T14:47:56.806Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"}], "id": "CVE-2026-4439", "lastModified": "2026-03-20T13:37:50.737", "metrics": {}, "published": "2026-03-20T02:16:36.400", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/475877320"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "chromium-browser: Out of bounds memory access in WebGL", "id": "2449384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449384"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["An out of bounds memory access flaw was found in the WebGL component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=475877320"], "name": "CVE-2026-4439", "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4439\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4439\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html\nhttps://issues.chromium.org/issues/475877320"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Critical"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[146.0.7680.153,146.0.7680.153)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-03-20T13:27:20.750595+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 146.0.7680.153 or later. If an immediate update is not possible, disable WebGL in Chrome settings or use a content security policy that blocks WebGL usage. Check Google\u2019s update channels regularly for subsequent patches."], "summary": {"action": "Immediate patch", "impact": "Remote sandbox escape"}, "threat_synthesis": {"affected_systems": "The issue affects Google Chrome for Android versions prior to 146.0.7680.153. Users running any older release on Android devices are potentially vulnerable until they upgrade to a patched version. Only the Android platform is mentioned; the Desktop stable channel is not affected.", "description_and_impact": "Out of bounds memory access in the WebGL component of Google Chrome on Android permits a remote attacker to exploit a crafted HTML page and potentially escape the browser sandbox, resulting in the ability to execute arbitrary code outside the browser environment. This vulnerability is classified as Critical in Chromium\u2019s own severity rating and is correlated with several memory safety weaknesses (CWE-119, CWE-122, CWE-787).", "risk_and_exploitability": "The CVSS base score is 9.6, indicating a very high severity. EPSS data is not available, but the lack of a KEV listing does not lower the risk; the vulnerability remains critical. The attack vector is remote, relying on a malicious or compromised web page; an attacker must deliver a crafted HTML page that the user opens in the affected browser. Once executed, the out\u2011of\u2011bounds read/write could be used to escape the sandbox and achieve full system compromise."}}}}, "created": "2026-03-20T08:53:35.822697+00:00", "updated": "2026-03-20T14:14:37.714538+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}