Google Chrome WebAudio Out-of-Bounds Read Vulnerability (CVE-2026-4677)
A remote attacker can trigger an out-of-bounds memory read in Google Chrome's WebAudio implementation by crafting a malicious HTML page (CVE-2026-4677), affecting versions prior to 146.0.7680.165.
CVE-2026-4677 describes an out-of-bounds memory read vulnerability in the WebAudio component of Google Chrome. Successful exploitation of this vulnerability allows a remote attacker to potentially read sensitive information from the browser’s memory. The vulnerability exists in Google Chrome versions prior to 146.0.7680.165. The attack involves crafting a malicious HTML page that, when opened in a vulnerable version of Chrome, triggers the out-of-bounds read in the WebAudio processing. The…
Detection coverage 2
Detect Suspicious WebAudio Usage
mediumDetects potentially malicious HTML pages using WebAudio features aggressively, possibly indicative of CVE-2026-4677 exploitation attempts.
Detect Chrome version before patch of CVE-2026-4677
lowDetects user agent strings indicating a Google Chrome version vulnerable to CVE-2026-4677.
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
1