Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Google Chrome's GPU Cache Exposed on Local Machines
CVE-2025-48630
ASB-A-455563813
Summary
A bug in Google Chrome allows an attacker on the same machine to access sensitive information stored in the GPU cache, potentially leading to unauthorized access to local data. This vulnerability requires no user interaction and can be exploited by a local attacker. To mitigate this issue, ensure that all Google Chrome updates are installed promptly and consider implementing additional security measures to protect sensitive data on local machines.
What to do
- Update google platform/frameworks/native to version 16-qpr2-next:2026-03-01.
- Update google platform/frameworks/native to version 15:2026-03-01.
- Update google platform/frameworks/native to version 16:2026-03-01.
- Update google platform/frameworks/native to version 16-qpr2:2026-03-01.
- Update google platform/frameworks/native to version 14:2026-03-01.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| android | 14.0 | – | |
| android | 15.0 | – | |
| android | 16.0 | – | |
| android | 16.0 | – | |
| android | 16.0 | – | |
| android | 16.0 | – | |
| platform/frameworks/native | > 16-qpr2-next:0 , <= 16-qpr2-next:2026-03-01 | 16-qpr2-next:2026-03-01 | |
| platform/frameworks/native | > 15:0 , <= 15:2026-03-01 | 15:2026-03-01 | |
| platform/frameworks/native | > 16:0 , <= 16:2026-03-01 | 16:2026-03-01 | |
| platform/frameworks/native | > 16-qpr2:0 , <= 16-qpr2:2026-03-01 | 16-qpr2:2026-03-01 | |
| platform/frameworks/native | > 14:0 , <= 14:2026-03-01 | 14:2026-03-01 |
Original title
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no a...
Original description
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS3.1
7.4
Vulnerability type
CWE-208
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026