Skip to content
CVSS 8.8 · HIGH

CVE-2026-7973

Integer overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Ver en NVD

Análisis

Google Chrome on Windows is vulnerable to a sandbox escape via a crafted HTML page. An attacker can exploit an integer overflow in the Dawn component to execute code outside of the browser's restricted environment. Ensure your browser is updated to version 148.0.7778.96 or later to protect against this remote attack vector.

Severidad

Puntaje: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: REQUIRED
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-472

EPSS

Sin puntaje EPSS aún (CVE muy reciente).

Afecta

google:chromemicrosoft:windows

Descripción técnica

Integer overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Publicada: 6/5/2026, 19:16:48
Última modificación: 6/5/2026, 23:29:40

Referencias

InicioEventosBlogRecursosEquipo