{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4452", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-19T20:23:51.397Z", "datePublished": "2026-03-20T01:34:51.585Z", "dateUpdated": "2026-03-21T04:01:15.165Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.153", "status": "affected", "lessThan": "146.0.7680.153", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Integer overflow", "cweId": "CWE-472"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-20T01:34:51.585Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/487977696"}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-4452"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-21T04:01:15.165Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4452", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-20T14:34:34.631883Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T14:23:56.517Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "146.0.7680.153", "lessThan": "146.0.7680.153", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/487977696"}], "descriptions": [{"lang": "en", "value": "Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-472", "description": "Integer overflow"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-20T01:34:51.585Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4452", "state": "PUBLISHED", "dateUpdated": "2026-03-21T04:01:15.165Z", "dateReserved": "2026-03-19T20:23:51.397Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-03-20T01:34:51.585Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "3526166A-E44B-47EE-8E47-1C1937CB2B87", "versionEndExcluding": "146.0.7680.153", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-4452", "lastModified": "2026-03-20T18:07:58.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-20T02:16:38.207", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Vendor Advisory", "Release Notes"], "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://issues.chromium.org/issues/487977696"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-472"}], "source": "chrome-cve-admin@google.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Integer overflow in ANGLE", "id": "2449388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449388"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["An integer overflow flaw was found in the ANGLE component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=487977696"], "name": "CVE-2026-4452", "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4452\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4452\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html\nhttps://issues.chromium.org/issues/487977696"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[146.0.7680.153,146.0.7680.153)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-03-20T20:07:16.164594+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 146.0.7680.153 or newer on Windows.", "Verify the update by opening the browser\u2019s About page to confirm the new version number."], "summary": {"action": "Patch", "impact": "Remote Heap Corruption"}, "threat_synthesis": {"affected_systems": "Google Chrome versions for Windows released before 146.0.7680.153 contain the vulnerability. The issue is limited to builds that include ANGLE and is not present in newer releases that have applied the integer\u2011overflow fix. End\u2011users on Windows who have earlier Chrome versions need to upgrade.", "description_and_impact": "An integer overflow occurs in ANGLE, the graphics abstraction layer used by Google Chrome on Windows. When Chrome parses a maliciously crafted HTML page, the overflow can corrupt heap objects, potentially allowing an attacker to alter program control flow and achieve arbitrary code execution if exploitation succeeds. The flaw is caused by unchecked arithmetic operations (CWE-190) and improper buffer handling (CWE-472).", "risk_and_exploitability": "The CVSS base score of 8.8 marks the flaw as high severity. However, an EPSS score of less than 1% suggests that real\u2011world exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require a victim to visit a specially crafted HTML page or otherwise render content that triggers the integer overflow, a client\u2011side attack that does not rely on remote network access beyond normal browsing."}}}}, "created": "2026-03-20T08:53:24.814369+00:00", "updated": "2026-03-25T14:09:53.277746+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}