GHSA-2m3r-7r37-rw4cCriticalCVSS 9.8
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can...
🔗 CVE IDs covered (1)
📋 Description
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash.
The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.