PT-2026-42237 · Google · Google Chrome
Published
2026-05-20
·
Updated
2026-05-22
·
CVE-2026-9117
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Google Chrome on Linux and ChromeOS versions prior to 148.0.7778.179
Description
A type confusion issue exists in the GFX component. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially crafted video file. Type confusion occurs when a program accesses a resource using a type that is different from the type it was originally allocated with.
Recommendations
Update to version 148.0.7778.179 or later.
Fix
Type Confusion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Chrome