Chrome ANGLE XOP Data Leak before 148.0.7778.168
CVE-2026-8556 Published on May 14, 2026
Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Vulnerability Analysis
CVE-2026-8556 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Types
What is a Buffer Overflow Vulnerability?
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CVE-2026-8556 has been classified to as a Buffer Overflow vulnerability or weakness.
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2026-8556 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2026-8556
Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.
Affected Versions
Google Chrome:- Version 148.0.7778.168 and below 148.0.7778.168 is affected.