Cyber Resilience

CVE-2026-2315

High

Published: 11 February 2026
Modified: 13 February 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0875 (94.5th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-2315 is a high-severity vulnerability in Google Chrome with an unspecified weakness type. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE ranks in the top 5.5% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).

Deeper analysis

CVE-2026-2315 involves an inappropriate implementation in the WebGPU component of Google Chrome prior to version 145.0.7632.45. This flaw enables a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. The Chromium security team classified it as High severity, with an associated CWE listed as NVD-CWE-noinfo.

The vulnerability can be exploited by a remote attacker with no privileges required, though user interaction is necessary, such as visiting a malicious site. Exploitation could lead to high impacts on confidentiality, integrity, and availability, reflected in its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Mitigation is available in Google Chrome version 145.0.7632.45 and later. Security practitioners should advise users to update promptly. Additional details are provided in the Chrome Releases stable channel update at https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html and the Chromium issue tracker at https://issues.chromium.org/issues/479242793.

Vulnerability details

Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1189 Drive-by Compromise (tactic: Initial Access)
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

Why these techniques?

Browser memory corruption (OOB access) via crafted HTML page enables drive-by compromise and client-side exploitation for code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7357 (Same product: Apple Macos)
CVE-2026-4460 (Same product: Apple Macos)
CVE-2026-7342 (Same product: Apple Macos)
CVE-2025-13226 (Same product: Apple Macos)
CVE-2026-4680 (Same product: Apple Macos)
CVE-2026-4463 (Same product: Apple Macos)
CVE-2026-4459 (Same product: Apple Macos)
CVE-2026-7355 (Same product: Apple Macos)
CVE-2025-10585 (Same product: Apple Macos)
CVE-2026-5284 (Same product: Apple Macos)

Affected Assets

Vendor: google · Product: chrome · Version: ≤ 145.0.7632.45

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Mandates identification, reporting, and timely correction of flaws such as the WebGPU out-of-bounds memory access vulnerability in Chrome prior to 145.0.7632.45.

prevent: Implements memory protection mechanisms that mitigate exploitation of out-of-bounds memory access via crafted HTML pages.

prevent: Requires receiving and applying vendor security alerts and advisories, including the Chrome stable channel update fixing CVE-2026-2315.
