GHSA-2m3r-7r37-rw4cCriticalCVSS 9.8

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can...

Published
June 13, 2026
Last Modified
June 15, 2026

🔗 CVE IDs covered (1)

📋 Description

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash.

The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.

🔗 References (3)