CVE-2026-2315
Published: 11 February 2026
Summary
CVE-2026-2315 is a high-severity an unspecified weakness vulnerability in Google Chrome. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked in the top 5.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).
Deeper analysis
CVE-2026-2315 involves an inappropriate implementation in the WebGPU component of Google Chrome prior to version 145.0.7632.45. This flaw enables a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. The Chromium security team classified it as High severity, with an associated CWE listed as NVD-CWE-noinfo.
The vulnerability can be exploited by a remote attacker with no privileges required, though user interaction is necessary, such as visiting a malicious site. Exploitation could lead to high impacts on confidentiality, integrity, and availability, reflected in its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Mitigation is available in Google Chrome version 145.0.7632.45 and later. Security practitioners should advise users to update promptly. Additional details are provided in the Chrome Releases stable channel update at https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html and the Chromium issue tracker at https://issues.chromium.org/issues/479242793.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6215
Vulnerability details
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Browser memory corruption (OOB access) via crafted HTML page enables drive-by compromise and client-side exploitation for code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Mandates identification, reporting, and timely correction of flaws such as the WebGPU out-of-bounds memory access vulnerability in Chrome prior to 145.0.7632.45.
Implements memory protection mechanisms that mitigate exploitation of out-of-bounds memory access via crafted HTML pages.
Requires receiving and applying vendor security alerts and advisories, including the Chrome stable channel update fixing CVE-2026-2315.