CVE-2026-2315
published 2026-02-11CVE-2026-2315: Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via…
PriorityP260high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
8.75%
94.5th percentile
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 145.0.7632.75-1~deb12u1 | 145.0.7632.75-1~deb12u1 |
| chromium | chromium | >= 0 < 145.0.7632.75-1~deb13u1 | 145.0.7632.75-1~deb13u1 |
| chromium | chromium | >= 0 < 145.0.7632.45-1 | 145.0.7632.45-1 |
| debian | chromium | < chromium 145.0.7632.75-1~deb12u1 (bookworm) | chromium 145.0.7632.75-1~deb12u1 (bookworm) |
| chrome | < 145.0.7632.45 | 145.0.7632.45 | |
| chrome | >= 145.0.7632.45 < 145.0.7632.45 | 145.0.7632.45 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2026-2315 is an inappropriate implementation in WebGPU in Google Chrome prior to version 145.0.7632.45, enabling out-of-bounds memory access via a crafted HTML page; flag Chrome versions below 145.0.7632.45 in your environment. ↗
- →Two additional high severity bugs in Codecs (CVE-2026-2314) and WebGPU (CVE-2026-2315) also enable code execution — treat CVE-2026-2315 as a code execution risk, not merely a memory access issue, when triaging. ↗
- ·Debian bullseye remains unresolved/open for CVE-2026-2315 — systems running bullseye are still vulnerable and have no available package fix. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2026-2315: Inappropriate implementation in WebGPU in Google Chrome prior to 145
osv·2026-02-11·CVSS 8.8
CVE-2026-2315 [HIGH] CVE-2026-2315: Inappropriate implementation in WebGPU in Google Chrome prior to 145
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
GHSA
GHSA-wcfp-f743-hjm5: Inappropriate implementation in WebGPU in Google Chrome prior to 145
ghsa_unreviewed·2026-02-11
CVE-2026-2315 [HIGH] GHSA-wcfp-f743-hjm5: Inappropriate implementation in WebGPU in Google Chrome prior to 145
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Red Hat
chromium-browser: Inappropriate implementation in WebGPU
vendor_redhat·2026-02-10·CVSS 8.8
CVE-2026-2315 [HIGH] chromium-browser: Inappropriate implementation in WebGPU
chromium-browser: Inappropriate implementation in WebGPU
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
An inappropriate implementation flaw was found in the WebGPU component of the Chromium browser.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Debian
CVE-2026-2315: chromium - Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 a...
vendor_debian·2026·CVSS 8.8
CVE-2026-2315 [HIGH] CVE-2026-2315: chromium - Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 a...
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 145.0.7632.75-1~deb12u1)
bullseye: open
forky: resolved (fixed in 145.0.7632.45-1)
sid: resolved (fixed in 145.0.7632.45-1)
trixie: resolved (fixed in 145.0.7632.75-1~deb13u1)
No detection rules found.
No public exploits indexed.
Checkpoint
16th February – Threat Intelligence Report
blogs_checkpoint·2026-02-16
CVE-2026-21510 16th February – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 16th February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 16th February, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Dutch telecom provider Odido was hit by a data breach following unauthorized access to its customer management system. Attackers extracted personal data of 6.2 million customers, including names, addresses, phone numbers, email addresses, bank account details, dates of birth, and passport or ID numbers.
BridgePay Networ
Wiz
CVE-2026-2315 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-2315 [HIGH] CVE-2026-2315 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2315 :
Google Chrome vulnerability analysis and mitigation
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Source : NVD
## 8.8
Score
Published February 11, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cef-devel
chromium-headless-debuginfo
Sources
Alpine 3.23 Severity HIGH Has Fix Added at: Feb 20, 2026
Alpine edge Severity HIGH Has Fix Added at: Feb 1
Bugzilla
CVE-2026-23152 kernel: wifi: mac80211: correctly decode TTLM with default link map
bugzilla·2026-02-14·CVSS 5.5
CVE-2026-23152 [MEDIUM] CVE-2026-23152 kernel: wifi: mac80211: correctly decode TTLM with default link map
CVE-2026-23152 kernel: wifi: mac80211: correctly decode TTLM with default link map
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: correctly decode TTLM with default link map
TID-To-Link Mapping (TTLM) elements do not contain any link mapping
presence indicator if a default mapping is used and parsing needs to be
skipped.
Note that access points should not explicitly report an advertised TTLM
with a default mapping as that is the implied mapping if the element is
not included, this is even the case when switching back to the default
mapping. However, mac80211 would incorrectly parse the frame and would
also read one byte beyond the end of the element.
Discussion:
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026021414-CVE-2026-2315
2026-02-11
Published