Vulnerability CVE-2026-9910: Information

Description

Out of bounds memory access in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2026-9910

Published: May 28, 2026

Modified: June 17, 2026

Error type identifier: CWE-125, CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
chromium	sisyphus	148.0.7778.216-alt1	149.0.7827.155-alt1	ALT-PU-2026-8548-2	419541	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html	Release Notes
https://issues.chromium.org/issues/499176133	Permissions Required

Affected configurations:
1. cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
  End excluding
  148.0.7778.216
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
  cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
  End excluding
  148.0.7778.215
  cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Version: v26.6.1