Webgpu

An out-of-bounds write vulnerability exists in Mesa versions before 25.3.6 and 26 before 26.0.1 due to an untrusted allocation size in WebGPU, potentially leading to code execution.

A use-after-free vulnerability in Google Chrome's WebGPU component (CVE-2026-4678) allows a remote attacker to execute arbitrary code within a sandbox by crafting a malicious HTML page, affecting Chrome versions prior to 146.0.7680.165.