Home / Vulnerability Intelligence / CVE-2026-7957

CVE-2026-7957 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: May 6, 2026

Google Chrome - Remote Code Execution

Published: May 6, 2026Updated: May 6, 2026Remote Exploitable

Overview

Google Chrome < 148.0.7778.96 on Mac and iOS contains an out of bounds write caused by improper memory handling in Media component, letting remote attackers with compromised renderer process execute arbitrary code inside sandbox via crafted HTML page.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Remote attackers with compromised renderer process can execute arbitrary code inside sandbox, potentially leading to further exploitation.

Mitigation

Update to version 148.0.7778.96 or later.

References

https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/496607380

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-7957
Severity: High
CVSS Score: 8.8
Type: out_of_bounds_rw
Status: unconfirmed

CWE

CWE-787

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H