Cyber Resilience

CVE-2026-9117

High

Published: 20 May 2026

Modified: 21 May 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0027 (17.7th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-9117 is a high-severity Type Confusion (CWE-843) vulnerability in Google Chrome. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 17.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Type confusion in Chrome renderer enables sandbox escape (privilege escalation) after initial renderer compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-8534 (Same product: Google Chrome)
CVE-2025-12438 (Same product: Google Chrome)
CVE-2026-8001 (Same product: Google Chrome)
CVE-2026-7992 (Same product: Google Chrome)
CVE-2026-9988 (Same product: Google Chrome)
CVE-2026-7914 (Same product: Google Chrome)
CVE-2026-9123 (Same product: Google Chrome)
CVE-2026-31502 (Same product: Linux Linux Kernel)
CVE-2026-7898 (Same product: Google Chrome)
CVE-2024-40676 (Same vendor: Google)

Affected Assets

google chrome ≤ 148.0.7778.179

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
