{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4444", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-19T20:23:49.144Z", "datePublished": "2026-03-20T01:34:46.432Z", "dateUpdated": "2026-03-20T01:34:46.432Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.153", "status": "affected", "lessThan": "146.0.7680.153", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Stack buffer overflow", "cweId": "CWE-121"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-20T01:34:46.432Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/486349161"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-4444", "lastModified": "2026-03-20T02:16:37.073", "metrics": {}, "published": "2026-03-20T02:16:37.073", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/486349161"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Stack buffer overflow in WebRTC", "id": "2449398", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449398"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-120", "details": ["A stack buffer overflow flaw was found in the WebRTC component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=486349161"], "name": "CVE-2026-4444", "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4444\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4444\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html\nhttps://issues.chromium.org/issues/486349161"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[146.0.7680.153,146.0.7680.153)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-03-20T03:28:48.566668+00:00", "value": {"mitigation_remediation": ["Apply the latest Google Chrome update (at least version 146.0.7680.153) as released by Google.", "Until the update is applied, avoid loading untrusted web pages that could serve malicious HTML content using WebRTC."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all desktop installations of Google Chrome with versions earlier than 146.0.7680.153. No other products or versions are listed as affected.", "description_and_impact": "A stack buffer overflow exists in WebRTC within Google Chrome versions prior to 146.0.7680.153. The flaw allows a remote attacker to supply a specially crafted HTML page that corrupts the stack, potentially leading to execution of arbitrary code. The weakness is identified as CWE-121: Stack-based Buffer Overflow.", "risk_and_exploitability": "The CVSS score indicates a high severity. An EPSS score is not available and the vulnerability is not included in the CISA KEV catalog. Attackers could exploit the flaw by hosting or delivering a malicious HTML page that triggers the WebRTC stack overflow, which may lead to code execution if successful. No publicly disclosed exploits are known at the time of the advisory."}}}}, "created": "2026-03-20T08:53:31.579658+00:00", "title": "Remote Stack Buffer Overflow in WebRTC via Crafted HTML Page", "updated": "2026-03-20T10:43:24.955813+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}