Type Confusion Vulnerability in Google Chrome on Linux and ChromeOS
CVE-2026-9117

7.5HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-9117?

A type confusion vulnerability in the GFX component of Google Chrome on Linux and ChromeOS has been discovered. This issue arises when a remote attacker successfully compromises the renderer process by using a specially crafted video file. If exploited, this vulnerability could allow unauthorized access to system resources, posing significant security risks. Affected versions include those prior to 148.0.7778.179 for both Linux and ChromeOS platforms.

Affected Version(s)

Chrome 148.0.7778.179

References

https://chromereleases.googleblog.com/2026/05/stable-chan...

https://issues.chromium.org/issues/497542537

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
May 20, 2026

CVE-2026-9117 Data

JSON