Google Chrome on Mac allows remote code execution via crafted HTML page

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Google Chrome on Mac allows remote code execution via crafted HTML page

CVE-2026-5275

Summary

A security issue exists in Google Chrome on Mac versions prior to 146.0.7680.178. An attacker can create a malicious webpage that executes unauthorized code on your Mac, potentially allowing them to access sensitive information or take control of your system. To fix this, update Google Chrome to the latest version.

Original title

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Original description

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vulnerability type

CWE-122 Heap-based Buffer Overflow

Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026