CVE-2026-8510

Published: May 14th, 2026
Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
HIGH
CVSS v3: 7.5

Status

DocFilters Release Package State Justification Comment
26.2 skia () Needs Triage
26.1 skia () Needs Triage
25.4 skia () Needs Triage
25.3 skia () Needs Triage
25.2 skia () Needs Triage
25.1 skia () Needs Triage
24.4 skia () Needs Triage
24.4.0 skia () Needs Triage
24.3 skia () Needs Triage
24.2 skia () Needs Triage
24.1 skia () Needs Triage
23.3 skia () Needs Triage
23.2 skia () Needs Triage
23.1 skia () Needs Triage
22.4 skia () Needs Triage
22.3 skia () Needs Triage
22.2 skia () Needs Triage
22.1 skia () Needs Triage
21.11 skia () Needs Triage
21.8 skia () Needs Triage
21.5.0 skia () Needs Triage
21.2.0 skia () Needs Triage
11.4.19.3667 skia () Needs Triage
11.4.18.3599 skia () Needs Triage
11.4.16.3445 skia () Needs Triage
11.4.15.3368 skia () Needs Triage
11.4.14.3263 skia () Needs Triage
11.4.13.3179 skia () Needs Triage
11.4.12.3054 skia () Needs Triage
11.4.11.3040 skia () Needs Triage
11.4.11.2990 skia () Needs Triage
11.4.10.2934 skia () Needs Triage
11.4.9.2878 skia () Needs Triage
11.4.8.2822 skia () Needs Triage

Severity score breakdown

Attack Complexity
HIGH
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
7.5
Base Severity
HIGH
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
REQUIRED
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Version
3.1

References