{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4439", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-19T20:23:47.193Z", "datePublished": "2026-03-20T01:34:43.403Z", "dateUpdated": "2026-03-20T01:34:43.403Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.153", "status": "affected", "lessThan": "146.0.7680.153", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out of bounds memory access"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-20T01:34:43.403Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/475877320"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"}], "id": "CVE-2026-4439", "lastModified": "2026-03-20T02:16:36.400", "metrics": {}, "published": "2026-03-20T02:16:36.400", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/475877320"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received"}

{"bugzilla": {"description": "chromium-browser: Out of bounds memory access in WebGL", "id": "2449384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449384"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["An out of bounds memory access flaw was found in the WebGL component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=475877320"], "name": "CVE-2026-4439", "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4439\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4439\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html\nhttps://issues.chromium.org/issues/475877320"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Critical"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[146.0.7680.153,146.0.7680.153)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-03-20T03:53:11.906166+00:00", "value": {"mitigation_remediation": ["Update Google Chrome for Android to version 146.0.7680.153 or later, which contains the fix.", "If an update is not yet available, disable or block WebGL features in Chrome settings or via policy until the update can be applied.", "Continuously monitor the Google Chrome release blog and apply subsequent updates that incorporate this correction.", "Consider using network\u2011level filtering to block access to known malicious sites as an additional precaution."], "summary": {"action": "Immediate Patch", "impact": "Sandbox Escape"}, "threat_synthesis": {"affected_systems": "All versions of Google Chrome for Android released prior to 146.0.7680.153 are susceptible; the advisory references indicate that patching to this specific version or later resolves the issue. No finer granularity of affected sub\u2011versions is provided in the data.", "description_and_impact": "The vulnerability is an out\u2011of\u2011bounds memory access in the WebGL component of Google Chrome on Android that affects all builds older than 146.0.7680.153. A specially crafted HTML page can trigger the flaw, and the vendor notes that it could lead to a sandbox escape. This weakness aligns with the CWE categories for buffer overflow or out\u2011of\u2011bounds access.", "risk_and_exploitability": "Google rates the issue as Critical, indicating a high potential impact if the flaw is successfully exploited. No EPSS score or KEV listing is available, but the combination of a critical severity rating and the possibility of sandbox escape means attackers could potentially gain elevated privileges or bypass browser isolation. The exploitation pathway requires only that a malicious web page be delivered to the browser, so any user who visits a compromised site with an affected Chrome build is at risk and no special privileges are required."}}}}, "created": "2026-03-20T08:53:35.822697+00:00", "title": "Out\u2011of\u2011Bounds WebGL Memory Access May Enable Sandbox Escape in Chrome for Android", "updated": "2026-03-20T10:43:29.294389+00:00", "vendors": ["google", "google$PRODUCT$chrome"], "weaknesses": ["CWE-122", "CWE-119", "CWE-787"]}