{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4679", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-23T21:08:18.589Z", "datePublished": "2026-03-24T00:24:42.991Z", "dateUpdated": "2026-03-25T03:55:40.157Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.165", "status": "affected", "lessThan": "146.0.7680.165", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Integer overflow", "cweId": "CWE-472"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-24T00:24:42.991Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html"}, {"url": "https://issues.chromium.org/issues/491516670"}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-4679"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T03:55:40.157Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4679", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T00:49:08.602740Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T00:51:56.302Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "146.0.7680.165", "lessThan": "146.0.7680.165", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html"}, {"url": "https://issues.chromium.org/issues/491516670"}], "descriptions": [{"lang": "en", "value": "Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-472", "description": "Integer overflow"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-24T00:24:42.991Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4679", "state": "PUBLISHED", "dateUpdated": "2026-03-25T03:55:40.157Z", "dateReserved": "2026-03-23T21:08:18.589Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-03-24T00:24:42.991Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "2570A6D2-95CF-4CB3-A7D1-8CC6532A05FA", "versionEndExcluding": "146.0.7680.164", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"}, {"lang": "es", "value": "Desbordamiento de entero en Fuentes en Google Chrome anterior a 146.0.7680.165 permiti\u00f3 a un atacante remoto realizar una escritura de memoria fuera de l\u00edmites a trav\u00e9s de una p\u00e1gina HTML dise\u00f1ada. (Gravedad de seguridad de Chromium: Alta)"}], "id": "CVE-2026-4679", "lastModified": "2026-03-24T17:50:19.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-24T01:17:03.607", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"], "url": "https://issues.chromium.org/issues/491516670"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-472"}], "source": "chrome-cve-admin@google.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Integer overflow in Fonts", "id": "2450572", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450572"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["An integer overflow flaw was found in the Fonts component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=491516670"], "name": "CVE-2026-4679", "public_date": "2026-03-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4679\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4679\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html\nhttps://issues.chromium.org/issues/491516670"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "146.0.7680.165"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-03-24T20:06:10.689274+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 146.0.7680.165 or later.", "If automatic updates are disabled, download the latest installer from the official Google Chrome website and apply the patch manually.", "Enable automatic updates to receive future security fixes.", "If the update cannot be applied, consider disabling or uninstalling the affected Chrome installation to mitigate the risk."], "summary": {"action": "Patch", "impact": "Out\u2011of\u2011Bounds Memory Write"}, "threat_synthesis": {"affected_systems": "The flaw affects Google Chrome versions earlier than 146.0.7680.165 across all supported operating systems, including Windows, macOS, and Linux. Users who run an affected Chrome build and load a page controlled by an attacker are at risk. The vulnerability applies to all Chrome deployments as listed in the CPE strings for Google Chrome.", "description_and_impact": "An integer overflow in the font rendering component of Google Chrome allows a maliciously crafted HTML page to trigger an out\u2011of\u2011bounds memory write. This corrupts the browser process memory and may enable an attacker to alter program flow or execute code within the Chrome process scope. The weakness is grouped under CFA\u2011190 and CFA\u2011472, indicating improper signed arithmetic and unchecked index usage.", "risk_and_exploitability": "The CVSS score of 8.8 places this vulnerability in the high\u2011severity range. The EPSS score of less than 1% suggests that, as of now, the probability of exploitation is low, and it is not listed in the CISA KEV catalog. The likely attack vector is remote, network\u2011based via a malicious web page. An attacker needs only to entice a victim to open the crafted page; no local privileges are required. The potential outcome is the execution of arbitrary code in the Chrome process."}}}}, "created": "2026-03-24T10:29:29.886080+00:00", "updated": "2026-03-25T20:40:35.598587+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}