CVE-2026-7340

EUVD-2026-26166
Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ChromeCNA
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
googlechrome
𝑥
≤ 147.0.7727.138
CNA
Debian logo
Debian Releases
Debian Product
Codename
chromium
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
jammy
not-affected
noble
not-affected
questing
not-affected
resolute
not-affected
Common Weakness Enumeration
References
https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html
https://issues.chromium.org/issues/497896137