{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4450", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-19T20:23:50.820Z", "datePublished": "2026-03-20T01:34:50.389Z", "dateUpdated": "2026-03-20T01:34:50.389Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.153", "status": "affected", "lessThan": "146.0.7680.153", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out of bounds write", "cweId": "CWE-787"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-20T01:34:50.389Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/487746373"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-4450", "lastModified": "2026-03-20T02:16:37.917", "metrics": {}, "published": "2026-03-20T02:16:37.917", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/487746373"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Out of bounds write in V8", "id": "2449396", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449396"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["An out of bounds write flaw was found in the V8 component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=487746373"], "name": "CVE-2026-4450", "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4450\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4450\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html\nhttps://issues.chromium.org/issues/487746373"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[146.0.7680.153,146.0.7680.153)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-03-20T03:26:42.620050+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 146.0.7680.153 or later. ", "Check for and install additional Chrome updates as they become available."], "summary": {"action": "Apply Patch", "impact": "Heap Corruption"}, "threat_synthesis": {"affected_systems": "The issue affects Google Chrome browsers whose version numbers are less than 146.0.7680.153. All pre-patch releases of Chrome released before the March\u00a02026 update are potentially vulnerable, including the stable channel.", "description_and_impact": "An out-of-bounds write flaw exists in the V8 JavaScript engine used by Google Chrome. The vulnerability allows a remote attacker to trigger heap corruption by loading a specially crafted HTML page. The flaw is classified as CWE-787 and is rated high severity, indicating that exploitation could enable arbitrary code execution or compromise the integrity of the browser process.", "risk_and_exploitability": "The CVE is marked high severity, but no EPSS score is available and it is not listed in the CISA KEV catalog. Attackers would need to supply a malicious web page that the user visits or otherwise gains the browser to exploit the flaw. Exploitation requires only that the vulnerable Chrome instance render the crafted HTML, so the attack vector is remote and user\u2011initiated."}}}}, "created": "2026-03-20T08:53:26.519428+00:00", "title": "Out-of-Bounds Write in V8 Leading to Heap Corruption in Google Chrome", "updated": "2026-03-20T10:43:19.690106+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}