high advisory March 24, 2026

Google Chrome Out-of-Bounds Read Vulnerability (CVE-2026-4674)

A remote attacker can exploit an out-of-bounds read vulnerability (CVE-2026-4674) in Google Chrome versions prior to 146.0.7680.165 to achieve out-of-bounds memory access via a crafted HTML page, impacting confidentiality, integrity, and availability.

CVE-2026-4674 is an out-of-bounds read vulnerability affecting Google Chrome versions prior to 146.0.7680.165. This vulnerability resides in the CSS processing engine of Chrome. A remote attacker can exploit this vulnerability by crafting a malicious HTML page that, when opened in a vulnerable version of Chrome, triggers an out-of-bounds read. The successful exploitation of this vulnerability allows the attacker to read sensitive information from the browser’s memory, potentially leading to…

Detection coverage 2

Detect Suspicious Chrome Process Accessing Network

medium

Detects network connections initiated by the Chrome process, which may indicate exploitation of CVE-2026-4674 leading to arbitrary code execution and command and control.

sigma tactics: command_and_control techniques: T1071.001 sources: network_connection, windows

Detect Chrome Launching Suspicious Child Processes

high

Detects the launch of suspicious processes from Chrome, which can indicate exploitation leading to code execution.

sigma tactics: execution techniques: T1059.001 sources: process_creation, windows

Detection queries are kept inside the platform. Get full rules →

Indicators of compromise

url