Home / Vulnerability Intelligence / CVE-2026-4440

CVE-2026-4440 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 20, 2026

Google Chrome - Out of Bounds Read & Write

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Google Chrome < 146.0.7680.153 contains an out of bounds read and write vulnerability in WebGL, letting remote attackers perform arbitrary read/write via crafted HTML pages, exploit requires no special privileges.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 2.7%(Probability of exploitation in next 30 days)

Impact

Remote attackers can perform arbitrary read and write operations, potentially leading to full system compromise.

Mitigation

Update to version 146.0.7680.153 or later.

References

Social Media Activity(1 post)

Catalin Cimpanu

@campuscodi

Apr 19, 2026

Exploit code for a recently patched Chrome vulnerability has leaked online via a misconfigured server. Security firm Breakglass believes the code is the work of a "professional exploit developer," and most intended for "sale or government use." https://intel.breakglass.tech/post/cve-2026-4440-chrome-exploit-dev-server-open-directory

View original post

Related Resources

Details

CVE ID: CVE-2026-4440
Severity: High
CVSS Score: 8.8
Type: out_of_bounds_rw
Status: confirmed
EPSS: 2.7%
Social Posts: 1

CWE

CWE-125

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

2.7%Probability of exploitation in the next 30 days