high advisory

CVE-2026-4675: Google Chrome WebGL Heap Buffer Overflow Vulnerability

A heap buffer overflow vulnerability (CVE-2026-4675) exists in Google Chrome's WebGL implementation prior to version 146.0.7680.165, allowing a remote attacker to perform an out-of-bounds memory read via a specially crafted HTML page, potentially leading to information disclosure or arbitrary code execution.

CVE-2026-4675 describes a heap buffer overflow vulnerability affecting the WebGL component of Google Chrome. Specifically, versions prior to 146.0.7680.165 are susceptible. An attacker can exploit this vulnerability by crafting a malicious HTML page that, when rendered by a vulnerable Chrome browser, triggers an out-of-bounds memory read due to the heap buffer overflow in WebGL. The Chromium security team rated this as a “High” severity issue. Successful exploitation can lead to information…
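A fleet check against the fixed version named above, added here as an example and not part of the original advisory. The `host,version` inventory format and the host names are constructed assumptions.

```python
"""Flag Chrome installs older than the fixed build for CVE-2026-4675."""

FIXED = (146, 0, 7680, 165)  # fixed version stated in the advisory

# Constructed sample inventory: "host,chrome_version" (format is an assumption).
SAMPLE_INVENTORY = """\
ws-001,146.0.7680.165
ws-002,146.0.7680.99
ws-003,145.0.7632.200
ws-004,147.0.7700.12
ws-005,146.0.7680
ws-006,not-installed
"""


def parse_version(text):
    """Return a 4-tuple of ints for a Chrome version string, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text, fixed=FIXED):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # do not guess: incomplete data needs a manual check
    # Tuple comparison is numeric per component, so build .99 sorts below .165
    # (a plain string comparison would rank it above and miss the host).
    return "vulnerable" if version < fixed else "patched"


def triage(inventory):
    """Map each host in the inventory to its classification."""
    results = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition(",")
        results[host.strip()] = classify(version_text)
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` have truncated or missing version data and should be checked by hand instead of being counted as patched.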

Detection coverage 2

Detect Suspicious WebGL Function Calls in Chrome

medium

Detects potentially malicious HTML pages exploiting WebGL vulnerabilities by monitoring for unusual WebGL function calls within a Chrome process.

sigma | tactics: initial_access | techniques: T1189 | sources: process_creation, windows

Detect Out-of-Bounds Memory Access in Chrome via WebGL

high

This rule detects potential exploitation of memory corruption vulnerabilities in Chrome's WebGL implementation based on memory access violations.

sigma | tactics: execution | techniques: T1059.001 | sources: process_creation, windows
