CVE-2026-9965: Out of bounds write in ANGLE in Google Chrome prior to 148
Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
HarborGuard Analysis
HarborGuard analysisSynopsis
An out-of-bounds write vulnerability exists in ANGLE, the graphics abstraction layer bundled with Google Chrome versions prior to 148.0.7778.216. A remote attacker can reach it over the network without any account credentials, but must convince the target user to visit a crafted HTML page. Successful exploitation corrupts heap memory, giving the attacker the ability to read sensitive data, modify application state, and crash or take control of the affected process. A patched-image rebuild at version 148.0.7778.216 is available on HarborGuard for environments running an affected Chrome version.
HarborGuard Coverage
Detection of CVE-2026-9965 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Chrome or Chromium as a dependency. Any image carrying a Chrome version below 148.0.7778.216 is flagged automatically.
AvailableHarborGuard triage capability scores this CVE at 8.8 HIGH using the published CVSS v3.1 vector and weights it further against each environment's compliance policy to determine urgency and routing. Alerts are directed to the appropriate team inbox within each customer organization based on image ownership and policy configuration.
AvailableA patched-image rebuild at Chrome 148.0.7778.216 is available on HarborGuard for any image found to carry an affected version. For customers who opt into auto-remediation, HarborGuard is capable of triggering the rebuild, running a regression test suite against the new image, and opening a pull request against affected workloads automatically.
AvailableExploit Conditions
- Network reachabilityRequired
The attacker must reach the victim's browser over the network by delivering a crafted HTML page via a standard web request.
- AuthenticationNot required
No account credentials or prior authentication are needed to deliver the malicious page to the target.
- Victim interactionRequired
The target user must open a crafted HTML page, requiring the attacker to socially engineer a click or redirect.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions or specific memory layout preconditions.
Blast Radius
- A successful attacker reads contents of heap memory, which may include session tokens, credentials, or other sensitive browser state.
- A successful attacker writes arbitrary data into heap memory, allowing modification of internal Chrome or ANGLE data structures.
- The attacker can crash the affected Chrome renderer process, disrupting the user's session and any active web applications.
- In a full exploitation scenario, heap corruption at this severity level enables arbitrary code execution within the Chrome renderer sandbox.
How HarborGuard Handles This
Available on HarborGuard: images carrying Google Chrome below 148.0.7778.216 are detectable the moment the CVE enters the upstream feed, and a rebuilt image at the fixed version is available for affected environments. Where compliance policy permits auto-remediation, HarborGuard can execute the full rebuild-and-PR flow; for high-severity issues the median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. For teams that prefer manual review, the triage alert includes the CVSS 8.8 HIGH score, the affected image list, and the fix version, giving engineers the context needed to prioritize and act quickly.
Metrics
- CVSS v3.1
- 8.8
- Severity
- HIGH
- Fixed in
- 148.0.7778.216
- Affected Products
- 1
Fix available
- Google / Chrome< 148.0.7778.216 (from 148.0.7778.216)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H