{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4444", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-19T20:23:49.144Z", "datePublished": "2026-03-20T01:34:46.432Z", "dateUpdated": "2026-03-20T14:45:56.272Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.153", "status": "affected", "lessThan": "146.0.7680.153", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Stack buffer overflow", "cweId": "CWE-121"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-20T01:34:46.432Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/486349161"}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T14:35:00.571400Z", "id": "CVE-2026-4444", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T14:45:56.272Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4444", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-20T14:35:00.571400Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T14:35:02.978Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "146.0.7680.153", "lessThan": "146.0.7680.153", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/486349161"}], "descriptions": [{"lang": "en", "value": "Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "Stack buffer overflow"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-20T01:34:46.432Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4444", "state": "PUBLISHED", "dateUpdated": "2026-03-20T14:45:56.272Z", "dateReserved": "2026-03-19T20:23:49.144Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-03-20T01:34:46.432Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "3526166A-E44B-47EE-8E47-1C1937CB2B87", "versionEndExcluding": "146.0.7680.153", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-4444", "lastModified": "2026-03-20T19:32:16.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-20T02:16:37.073", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Vendor Advisory", "Release Notes"], "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://issues.chromium.org/issues/486349161"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "chrome-cve-admin@google.com", "type": "Secondary"}]}

{"bugzilla": {"description": "chromium-browser: Stack buffer overflow in WebRTC", "id": "2449398", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449398"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-120", "details": ["A stack buffer overflow flaw was found in the WebRTC component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=486349161"], "name": "CVE-2026-4444", "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4444\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4444\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html\nhttps://issues.chromium.org/issues/486349161"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[146.0.7680.153,146.0.7680.153)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-03-20T13:26:22.834225+00:00", "value": {"mitigation_remediation": ["Apply the latest Google Chrome update (146.0.7680.153 or later) to eliminate the stack overflow flaw.", "If an immediate update is not feasible, disable or block WebRTC functionality in Chrome via policy or extension to remove the attack surface.", "Verify that the patch has been applied by confirming the browser version and checking the Chrome update history.", "Consider implementing endpoint detection and response to flag anomalous behavior that could indicate exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Affected systems are Google Chrome web browsers running any version earlier than 146.0.7680.153. No other vendors or products are listed as impacted.", "description_and_impact": "Key detail from CVE description: a stack buffer overflow in the WebRTC module of Google Chrome prior to version 146.0.7680.153 allows a specially crafted HTML page to corrupt the browser stack. The overflow is a classic stack buffer overflow (CWE\u2011120/CWE\u2011121) that can enable an attacker to execute arbitrary code or crash the process, representing a high\u2011severity flaw.", "risk_and_exploitability": "The vulnerability scores a CVSS score of 9.6, indicating a very high severity; the EPSS score is not available, and the flaw is not currently listed in the CISA KEV catalog. Based on the description, the likely attack vector is a remote attacker delivering a crafted HTML page, exploiting the stack overflow to achieve code execution. Given the high CVSS score and the remote nature of the exploit, the risk to users is substantial and requires prompt action."}}}}, "created": "2026-03-20T08:53:31.579658+00:00", "updated": "2026-03-20T14:14:31.550212+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}