CVE-2026-5282: Medium Out of bounds read in WebCodecs
Published Mar 11, 2026
·Updated
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Credit
c6eed09fc8b174b0f3eebedcceb1e792
Affected Software
5 affected components
Google Google Chrome<146.0.7680.178
All of the following
Google Chrome<146.0.7680.177
Any of the following
Apple macOS
Linux Linux kernel
Microsoft Windows
Event History
Apr 1, 2026
CVE Published
via MITRE·04:41 AM
Data Sourced
via MITRE·04:41 AM
DescriptionWeakness
Data Sourced
via NVD·05:16 AM
DescriptionSeverityWeaknessAffected Software
May 22, 2026
Data Sourced
12:00 AM
SeverityWeakness
Peer vulnerabilities
Found alongside the following vulnerabilities.
Frequently Asked Questions
1
What is the severity of CVE-2026-5282?
The severity of CVE-2026-5282 is classified as High.
2
How do I fix CVE-2026-5282?
To fix CVE-2026-5282, update Google Chrome to version 146.0.7680.178 or later.
3
What impact does CVE-2026-5282 have on users?
CVE-2026-5282 allows a remote attacker to perform an out of bounds memory read via a crafted HTML page.
4
Which versions of Google Chrome are affected by CVE-2026-5282?
Google Chrome versions prior to 146.0.7680.178 are affected by CVE-2026-5282.
5
Is there a workaround for CVE-2026-5282 if I cannot update Google Chrome?
There are no specific workarounds for CVE-2026-5282; the best mitigation is to promptly update to the latest version.