CVE-2026-3062

Published: Feb 23, 2026Modified: Feb 25, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Affected (2)

Products: Google: Chrome

Google

1 product

Chrome

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 145.0.7632.116

Running on/with	Platform Versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 145.0.7632.117

Running on/with	Platform Versions
Apple Macos	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html

Source: chrome-cve-admin@google.com

Release Notes

https://issues.chromium.org/issues/483751167

Source: chrome-cve-admin@google.com

Issue TrackingPermissions Required

Timeline

No history available yet.