CVE-2026-2315
published 2026-02-11


Priority: P2, 60, high
CVSS 3.1: 8.8 (AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H)
EPSS: 8.75% (94.5th percentile)
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 145.0.7632.75-1~deb12u1 | 145.0.7632.75-1~deb12u1 |
| chromium | chromium | >= 0 < 145.0.7632.75-1~deb13u1 | 145.0.7632.75-1~deb13u1 |
| chromium | chromium | >= 0 < 145.0.7632.45-1 | 145.0.7632.45-1 |
| debian | chromium | < chromium 145.0.7632.75-1~deb12u1 (bookworm) | chromium 145.0.7632.75-1~deb12u1 (bookworm) |
| google | chrome | < 145.0.7632.45 | 145.0.7632.45 |
| google | chrome | >= 145.0.7632.45 < 145.0.7632.45 | 145.0.7632.45 |

Detection & IOCs (extracted from sources)

  • CVE-2026-2315 is an inappropriate implementation in WebGPU in Google Chrome prior to version 145.0.7632.45, enabling out-of-bounds memory access via a crafted HTML page; flag Chrome versions below 145.0.7632.45 in your environment.
  • Two additional high severity bugs in Codecs (CVE-2026-2314) and WebGPU (CVE-2026-2315) also enable code execution — treat CVE-2026-2315 as a code execution risk, not merely a memory access issue, when triaging.
  • Debian bullseye remains unresolved/open for CVE-2026-2315; systems running bullseye are still vulnerable and have no available package fix.

CVSS provenance

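| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |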