CVE-2026-5912
published 2026-04-08CVE-2026-5912: Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | chromium | < chromium 147.0.7727.55-1 (sid) | chromium 147.0.7727.55-1 (sid) |
| chrome | < 147.0.7727.55 | 147.0.7727.55 | |
| chrome | >= 147.0.7727.55 < 147.0.7727.55 | 147.0.7727.55 | |
| chrome_chrome | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
VulDB
Google Chrome up to 146.0.7680.178 WebRTC integer overflow (ID 486498 / Nessus ID 305695)
vuldb·2026-04-13·CVSS 8.8
CVE-2026-5912 [HIGH] Google Chrome up to 146.0.7680.178 WebRTC integer overflow (ID 486498 / Nessus ID 305695)
A vulnerability was found in Google Chrome. It has been classified as critical. Affected by this issue is some unknown functionality of the component WebRTC. Performing a manipulation results in integer overflow.
This vulnerability is known as CVE-2026-5912. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is recommended.
GHSA
GHSA-q3h3-jpfc-g5v7: Integer overflow in WebRTC in Google Chrome prior to 147
ghsa_unreviewed·2026-04-09
CVE-2026-5912 [HIGH] CWE-472 GHSA-q3h3-jpfc-g5v7: Integer overflow in WebRTC in Google Chrome prior to 147
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
OSV
CVE-2026-5912: Integer overflow in WebRTC in Google Chrome prior to 147
osv·2026-04-08·CVSS 8.8
CVE-2026-5912 [HIGH] CVE-2026-5912: Integer overflow in WebRTC in Google Chrome prior to 147
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Chrome
Stable Channel Update for Desktop: CVE-2026-5912
vendor_chrome·2026-04-07·CVSS 8.8
CVE-2026-5912 [LOW] Stable Channel Update for Desktop: CVE-2026-5912
Stable Channel Update for Desktop
CVE-2026-5912: Integer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22 [TBD][ 487195286 ] Low CVE-2026-5913: Out of bounds read in Blink
Reported by Vitaly Simonovich on 2026-02-24 [TBD][ 490023239 ] Low CVE-2026-5914: Type Confusion in CSS
Severity: low
Red Hat
chromium-browser: Integer overflow in WebRTC
vendor_redhat·2026-04-07·CVSS 8.8
CVE-2026-5912 [HIGH] CWE-190 chromium-browser: Integer overflow in WebRTC
chromium-browser: Integer overflow in WebRTC
An integer overflow flaw was found in the WebRTC component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=486498791
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Debian
CVE-2026-5912: chromium - Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a rem...
vendor_debian·2026·CVSS 8.8
CVE-2026-5912 [HIGH] CVE-2026-5912: chromium - Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a rem...
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-5912 chromium-browser: Integer overflow in WebRTC
bugzilla·2026-04-08·CVSS 8.8
CVE-2026-5912 [HIGH] CVE-2026-5912 chromium-browser: Integer overflow in WebRTC
CVE-2026-5912 chromium-browser: Integer overflow in WebRTC
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Sans Isc
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
blogs_sans_isc·2026-04-14·CVSS 8.8
[HIGH] Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
Microsoft Patch Tuesday April 2026.
Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening
The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.
Noteworthy Vulnerabilities:
CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love thes
Wiz
CVE-2026-5912 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5912 [HIGH] CVE-2026-5912 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5912 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux Severity HI
2026-04-08
Published