Google Chrome < 148.0.7778.167 Multiple Vulnerabilities

🗓️ 14 May 2026 00:00:00Reported by TenableType
Chrome prior to 148.0.7778.167 on Windows has multiple vulnerabilities including use after free and overflow.
Reporter	Title	Published	Views	Family All 1770
ATTACKERKB	CVE-2026-8556	14 May 202619:52	–	attackerkb
ATTACKERKB	CVE-2026-8546	14 May 202619:52	–	attackerkb
ATTACKERKB	CVE-2026-8537	14 May 202619:52	–	attackerkb
ATTACKERKB	CVE-2026-8544	14 May 202619:52	–	attackerkb
ATTACKERKB	CVE-2026-8519	14 May 202619:52	–	attackerkb
ATTACKERKB	CVE-2026-8578	14 May 202619:52	–	attackerkb
ATTACKERKB	CVE-2026-8525	14 May 202619:52	–	attackerkb
ATTACKERKB	CVE-2026-8532	14 May 202619:52	–	attackerkb
ATTACKERKB	CVE-2026-8569	14 May 202619:52	–	attackerkb
ATTACKERKB	CVE-2026-8523	14 May 202619:52	–	attackerkb
Source	Link
nessus	www.nessus.org/u
crbug	www.crbug.com/493310462
crbug	www.crbug.com/502636904
crbug	www.crbug.com/495108488
crbug	www.crbug.com/495782021
crbug	www.crbug.com/495939973
crbug	www.crbug.com/495948109
crbug	www.crbug.com/495999127
crbug	www.crbug.com/496393078
crbug	www.crbug.com/497531263
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(314746);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/22");

  script_cve_id(
    "CVE-2026-8509",
    "CVE-2026-8510",
    "CVE-2026-8511",
    "CVE-2026-8512",
    "CVE-2026-8513",
    "CVE-2026-8514",
    "CVE-2026-8515",
    "CVE-2026-8516",
    "CVE-2026-8517",
    "CVE-2026-8518",
    "CVE-2026-8519",
    "CVE-2026-8520",
    "CVE-2026-8521",
    "CVE-2026-8522",
    "CVE-2026-8523",
    "CVE-2026-8524",
    "CVE-2026-8525",
    "CVE-2026-8526",
    "CVE-2026-8527",
    "CVE-2026-8528",
    "CVE-2026-8529",
    "CVE-2026-8530",
    "CVE-2026-8531",
    "CVE-2026-8532",
    "CVE-2026-8533",
    "CVE-2026-8534",
    "CVE-2026-8535",
    "CVE-2026-8536",
    "CVE-2026-8537",
    "CVE-2026-8538",
    "CVE-2026-8539",
    "CVE-2026-8540",
    "CVE-2026-8541",
    "CVE-2026-8542",
    "CVE-2026-8543",
    "CVE-2026-8544",
    "CVE-2026-8545",
    "CVE-2026-8546",
    "CVE-2026-8547",
    "CVE-2026-8548",
    "CVE-2026-8549",
    "CVE-2026-8550",
    "CVE-2026-8551",
    "CVE-2026-8552",
    "CVE-2026-8553",
    "CVE-2026-8554",
    "CVE-2026-8555",
    "CVE-2026-8556",
    "CVE-2026-8557",
    "CVE-2026-8558",
    "CVE-2026-8559",
    "CVE-2026-8560",
    "CVE-2026-8561",
    "CVE-2026-8562",
    "CVE-2026-8563",
    "CVE-2026-8564",
    "CVE-2026-8565",
    "CVE-2026-8566",
    "CVE-2026-8567",
    "CVE-2026-8568",
    "CVE-2026-8569",
    "CVE-2026-8570",
    "CVE-2026-8571",
    "CVE-2026-8572",
    "CVE-2026-8573",
    "CVE-2026-8574",
    "CVE-2026-8575",
    "CVE-2026-8576",
    "CVE-2026-8577",
    "CVE-2026-8578",
    "CVE-2026-8579",
    "CVE-2026-8580",
    "CVE-2026-8581",
    "CVE-2026-8582",
    "CVE-2026-8583",
    "CVE-2026-8584",
    "CVE-2026-8585",
    "CVE-2026-8586",
    "CVE-2026-8587"
  );
  script_xref(name:"IAVA", value:"2026-A-0485");

  script_name(english:"Google Chrome < 148.0.7778.167 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote Windows host is prior to 148.0.7778.167. It is, therefore, affected
by multiple vulnerabilities as referenced in the 2026_05_stable-channel-update-for-desktop_12 advisory.

  - Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who
    convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome
    Extension. (Chromium security severity: Medium) (CVE-2026-8587)

  - Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially
    perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) (CVE-2026-8580)

  - Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to
    execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
    (CVE-2026-8509)

  - Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who
    had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
    (Chromium security severity: Critical) (CVE-2026-8510)

  - Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially
    perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) (CVE-2026-8511)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?439266d5");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/493310462");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/502636904");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495108488");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495782021");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495939973");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495948109");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495999127");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/496393078");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497531263");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497830330");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/498400132");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/503619813");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/504106200");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/504185107");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/483956252");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/503425922");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/499565267");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497928952");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/486536241");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/486761172");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/487795397");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/490222151");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/491930142");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/492350403");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/492812194");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495247950");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495314407");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495530312");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495857582");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495890000");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/496415073");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/496524586");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/496627235");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/496645393");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497066659");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497095799");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497151750");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497486030");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497531791");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497632199");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497821764");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497985088");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/498322453");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/498376171");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/498706958");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/498715368");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/499131214");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/500033878");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/500052361");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/502978647");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/504629701");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/328109821");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/343352552");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/40057534");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/40061220");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/418273622");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/442860473");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/470646792");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/484986863");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/488728570");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/490229299");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/490353576");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/491422244");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495405493");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495417883");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/495902113");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/496217775");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/496231853");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/496302307");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/496395450");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/496526419");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/496639647");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497292072");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497594413");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/497975477");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/498892595");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/499052720");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/499154022");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/507356235");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome version 148.0.7778.167 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-8587");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-8580");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/05/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/05/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/05/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("google_chrome_installed.nasl", "smb_hotfixes.nasl");
  script_require_keys("installed_sw/Google Chrome");

  exit(0);
}

include('vdf.inc');
include('smb_hotfixes.inc');

# @tvdl-content-verify-only
var vuln_data = {
  "metadata": {
    "spec_version": "1.0"
  },
  "requires": [
    {
      "scope": "target",
      "match": {
        "os": "windows"
      }
    },
    {
      "scope": "target",
      "match": {
        "os_version": "10"
      }
    },
    {
      "scope": "target",
      "match": {
        "sp": "0"
      }
    }
  ],
  "checks": [
    {
      "product": {
        "name": "Google Chrome",
        "type": "app"
      },
      "check_algorithm": "default",
      "constraints": [
        {
          "fixed_version": "148.0.7778.167",
          "fixed_display": "148.0.7778.167/168"
        }
      ]
    }
  ]
};

var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);
22 May 2026 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.19.6
EPSS0.00148
SSVC