QSearchQSearch

CVE-2026-41157

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU ...

Published: 2026-06-12 · Last updated: 2026-06-12

Severity and scoring

CWE
CWE-787

Description

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-6676 Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execu... (7.8 HIGH)
  • CVE-2025-14098 Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executab... (7.8 HIGH)
  • CVE-2026-34195 Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in t...
  • CVE-2025-7004 Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of C... (7.8 HIGH)
  • CVE-2026-47965 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in ... (7.8 HIGH)