Home / Vulnerability Intelligence / CVE-2026-4455

CVE-2026-4455 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 20, 2026

Google Chrome - Buffer Overflow

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Google Chrome < 146.0.7680.153 contains a heap buffer overflow caused by improper handling of crafted PDF files in PDFium, letting remote attackers potentially exploit heap corruption.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 6.8%(Probability of exploitation in next 30 days)

Impact

Remote attackers can exploit heap corruption, potentially leading to arbitrary code execution or browser compromise.

Mitigation

Update to version 146.0.7680.153 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 22, 2026

🟠 CVE-2026-4455 - High (8.8) Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4455/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-4455
Severity: High
CVSS Score: 8.8
Type: buffer_overflow
Status: confirmed
EPSS: 6.8%
Social Posts: 1

CWE

CWE-122

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

6.8%Probability of exploitation in the next 30 days