Cyber Resilience

CVE-2026-7981

High

Published: 06 May 2026

Modified: 07 May 2026
KEV Added
Patch
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
EPSS Score: 0.0020 (10.3th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-7981 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Google Chrome. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). It ranks at the 10.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Out of bounds read in Codecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)

CWE(s)

CWE-125 Out-of-bounds Read

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1204.002 · Malicious File · Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.

T1005 · Data from Local System · Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Exploitation relies on a user opening a malicious file (T1204.002), and the out-of-bounds read exposes sensitive data from Chrome process memory (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

google chrome ≤ 148.0.7778.96

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
