{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4464", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-19T20:23:56.088Z", "datePublished": "2026-03-20T01:34:58.888Z", "dateUpdated": "2026-03-20T01:34:58.888Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.153", "status": "affected", "lessThan": "146.0.7680.153", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Integer overflow", "cweId": "CWE-472"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-20T01:34:58.888Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/487208468"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"}], "id": "CVE-2026-4464", "lastModified": "2026-03-20T13:37:50.737", "metrics": {}, "published": "2026-03-20T02:16:39.907", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/487208468"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-472"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Integer overflow in ANGLE", "id": "2449382", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449382"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["An integer overflow flaw was found in the ANGLE component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=487208468"], "name": "CVE-2026-4464", "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4464\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4464\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html\nhttps://issues.chromium.org/issues/487208468"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,146.0.7680.153)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-03-20T13:20:56.448112+00:00", "value": {"mitigation_remediation": ["Install Chrome update 146.0.7680.153 or later. ", "Verify Chrome version to confirm the update has been applied."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Google Chrome versions prior to 146.0.7680.153 are vulnerable. All desktop builds using ANGLE in those releases are impacted. Up-to-date Chrome installations beyond 146.0.7680.153 are not susceptible.", "description_and_impact": "An integer overflow exists in ANGLE, a graphics abstraction layer used by Google Chrome. The flaw allows a remote attacker to mount an exploit by serving a specially crafted HTML page. When processed, the overflow can corrupt heap memory, potentially enabling arbitrary code execution. The weakness formally maps to CWE-190 (Integer Overflow) and CWE-472 (Use After Free).", "risk_and_exploitability": "The vulnerability carries a CVSS score of 8.8, indicating high severity. EPSS data is not available, and the issue is not listed in the CISA KEV catalog. The attack vector is explicitly described: a remote attacker can trigger the overflow by delivering crafted content to an unsuspecting Chrome user. Exploitation requires the victim to open the malicious page, after which heap corruption could lead to code execution."}}}}, "created": "2026-03-20T08:53:14.425728+00:00", "updated": "2026-03-20T14:14:07.482871+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}