{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2649", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-02-18T00:23:54.421Z", "datePublished": "2026-02-18T21:39:03.873Z", "dateUpdated": "2026-02-26T14:44:15.324Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "145.0.7632.109", "status": "affected", "lessThan": "145.0.7632.109", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Integer overflow", "cweId": "CWE-472"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-02-18T21:39:03.873Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/481074858"}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-2649", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-19T04:55:52.799562Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:15.324Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-2649", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-19T04:55:52.799562Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T22:05:08.051Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "145.0.7632.109", "lessThan": "145.0.7632.109", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/481074858"}], "descriptions": [{"lang": "en", "value": "Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-472", "description": "Integer overflow"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-02-18T21:39:03.873Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2649", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:44:15.324Z", "dateReserved": "2026-02-18T00:23:54.421Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-02-18T21:39:03.873Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C277072-720B-4A77-AC3F-CD3348E19407", "versionEndExcluding": "145.0.7632.109", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}, {"lang": "es", "value": "Desbordamiento de entero en V8 en Google Chrome anterior a 145.0.7632.109 permite a un atacante remoto, potencialmente, explotar la corrupci\u00f3n de la pila a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Alta)"}], "id": "CVE-2026-2649", "lastModified": "2026-02-19T18:35:19.273", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-18T22:16:26.847", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Release Notes"], "url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://issues.chromium.org/issues/481074858"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-472"}], "source": "chrome-cve-admin@google.com", "type": "Secondary"}]}

{"bugzilla": {"description": "chromium-browser: Integer overflow in V8", "id": "2440795", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440795"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-2649", "public_date": "2026-02-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2649\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2649\nhttps://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html\nhttps://issues.chromium.org/issues/481074858"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,145.0.7632.109)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-17T18:25:59.182279+00:00", "value": {"mitigation_remediation": ["Update Chrome to version 145.0.7632.109 or later via the official update mechanism.", "Confirm that automatic updates are enabled so that future patches are applied automatically.", "If an update cannot be performed immediately, protect users by restricting access to untrusted web sites or employing network\u2011level web filters to block malicious content."], "summary": {"action": "Patch promptly", "impact": "Remote code execution via heap corruption"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all instances of Google Chrome before version 145.0.7632.109. Any user who visits a malicious web page with that Chrome build is at risk.", "description_and_impact": "An integer overflow condition in Chrome\u2019s V8 JavaScript engine permits a remote attacker to corrupt the heap when rendering a specially crafted HTML page. This flaw carries a high severity score of 8.8 and can potentially lead to remote code execution on the affected system.", "risk_and_exploitability": "The exploit score is low (EPSS <\u202f1\u202f%) and the flaw is not listed in the CISA KEV catalog, but the high CVSS score and the possibility of heap corruption make it a serious threat. The likely attack vector is a remote adversary sending a malicious HTML page that the victim\u2019s browser processes, exploiting the integer overflow to overwrite memory."}}}}, "created": "2026-02-19T10:10:55.891016+00:00", "updated": "2026-04-17T18:30:05.657355+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}