Cyber Resilience

CVE-2026-8531

High

Published: 14 May 2026

Modified: 19 May 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0026 (17.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-8531 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Google Chrome. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE ranks at the 17.2th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CWE(s)

CWE-122: Heap-based Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1189 Drive-by Compromise (Initial Access): Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
T1203 Exploitation for Client Execution (Execution): Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Heap overflow in Chrome enables drive-by compromise (T1189) and client-side exploitation for code execution (T1203) via crafted HTML.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7928 · Same product: Google Chrome
CVE-2026-8519 · Same product: Google Chrome
CVE-2026-4452 · Same product: Google Chrome
CVE-2026-8555 · Same product: Google Chrome
CVE-2026-9984 · Same product: Google Chrome
CVE-2026-9945 · Same product: Google Chrome
CVE-2026-9928 · Same product: Google Chrome
CVE-2026-9924 · Same product: Google Chrome
CVE-2026-9959 · Same product: Google Chrome
CVE-2026-8530 · Same product: Google Chrome

Affected Assets

Vendor: google · Product: chrome · Version: ≤ 148.0.7778.168

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.