Remote Code Execution in Google Chrome WebGPU
CVE-2026-4678

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 24 March 2026

What is CVE-2026-4678?

A vulnerability in the WebGPU implementation of Google Chrome prior to version 146.0.7680.165 enables remote attackers to execute arbitrary code within the browser's sandbox environment. This security flaw arises from improper memory management, specifically a use after free condition, which can be exploited via specially crafted HTML pages. By leveraging this vulnerability, attackers could potentially gain unauthorized access to sensitive data or execute malicious actions on the user's system.

Affected Version(s)

Chrome 146.0.7680.165

References

https://chromereleases.googleblog.com/2026/03/stable-chan...

https://issues.chromium.org/issues/491164019

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2026
Vulnerability Reserved
Mar 23, 2026

CVE-2026-4678 Data

JSON