Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Google Chrome: Malicious PDF File Can Crash Browser
CVE-2026-2648
Summary
A security issue in older versions of Google Chrome allows a hacker to create a malicious PDF file that could crash the browser. This could potentially happen if you visit a website that includes this type of file. Update to the latest version of Chrome to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| chrome | <= 145.0.7632.109 | – |
Original title
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)
Original description
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)
nvd CVSS3.1
8.8
Vulnerability type
CWE-122
Heap-based Buffer Overflow
- https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_... Release Notes
- https://issues.chromium.org/issues/477033835 Issue Tracking Permissions Required
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026