8.8
CVE-2026-3537
- EPSS 0.38%
- Veröffentlicht 04.03.2026 19:24:27
- Zuletzt bearbeitet 11.03.2026 16:16:45
- Quelle chrome-cve-admin@google.com
- CVE-Watchlists
- Unerledigt
Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.293 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-1091 Use of Object without Invoking Destructor Method
The product contains a method that accesses an object but does not later invoke the element's associated finalize/destructor method.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/474266014