CVE-2026-3061: Google Chrome Out of Bounds Read Flaw

CVE-2026-3061 Overview

CVE-2026-3061 is an out-of-bounds read vulnerability in the Media component of Google Chrome prior to version 145.0.7632.116. This memory safety issue allows a remote attacker to perform an out-of-bounds memory read via a crafted HTML page. The vulnerability is classified as CWE-125 (Out-of-bounds Read) and has been assigned a Chromium security severity rating of High.

An attacker can exploit this vulnerability by convincing a user to visit a malicious website containing specially crafted media content. When processed by the vulnerable Chrome Media component, the crafted content triggers an out-of-bounds memory read operation that can leak sensitive information from the browser's memory or cause a denial-of-service condition through application crash.

Critical Impact

Remote attackers can exploit this vulnerability to read sensitive data from Chrome's memory or crash the browser by hosting malicious HTML content that triggers the out-of-bounds read in the Media component.

Affected Products

• Google Chrome versions prior to 145.0.7632.116
• Google Chrome on Linux Linux_Kernel
• Google Chrome on Microsoft Windows
• Google Chrome on Apple macOS

Discovery Timeline

• February 23, 2026 - CVE-2026-3061 published to NVD
• February 25, 2026 - Last updated in NVD database

Technical Details for CVE-2026-3061

Vulnerability Analysis

The vulnerability exists within the Media processing component of Google Chrome. When the browser parses and processes certain media content embedded within HTML pages, it fails to properly validate array boundaries before performing memory read operations. This leads to an out-of-bounds read condition where the browser may access memory outside the intended buffer.

The network-based attack vector requires no privileges or user authentication, making it particularly dangerous in scenarios where users may be directed to malicious websites through phishing or compromised legitimate sites. The vulnerability can result in unauthorized disclosure of sensitive information stored in adjacent memory regions or cause the browser to crash, resulting in denial of service.

Root Cause

The root cause is improper bounds checking in the Media component's memory handling routines. When processing crafted media content, the component fails to validate that index values or length parameters fall within the allocated buffer boundaries before performing read operations. This allows attackers to craft specific media payloads that cause the browser to read memory beyond the intended buffer limits.

Attack Vector

The attack is executed remotely over the network with no user interaction beyond visiting a malicious webpage. The attacker hosts a specially crafted HTML page containing malicious media content designed to trigger the vulnerability. When a victim with a vulnerable Chrome version visits the page, the Media component processes the crafted content and performs the out-of-bounds read.

The vulnerability mechanism involves crafted media content that manipulates the parsing logic in Chrome's Media component. When this malicious content is processed, it causes the browser to access memory outside the designated buffer boundaries. For detailed technical information, refer to the Chromium Issue Tracker Entry.

Detection Methods for CVE-2026-3061

Indicators of Compromise

• Unexpected Chrome browser crashes, particularly when visiting unfamiliar websites or loading media content
• Chrome crash reports referencing the Media component or memory access violations
• Unusual network traffic patterns to suspicious domains hosting media-heavy content
• Browser memory dumps showing signs of out-of-bounds memory access

Detection Strategies

• Monitor for Chrome crash events with stack traces pointing to Media component functions
• Implement browser version auditing to identify installations running versions prior to 145.0.7632.116
• Deploy network monitoring to detect traffic to known malicious domains distributing exploit payloads
• Enable enhanced security logging in enterprise Chrome deployments to capture crash telemetry

Monitoring Recommendations

• Configure centralized crash reporting to aggregate Chrome stability issues across the organization
• Set up alerts for multiple Chrome crashes occurring within short timeframes across different endpoints
• Monitor endpoint detection systems for suspicious HTML or media file downloads
• Review web proxy logs for access to newly registered domains serving media content

How to Mitigate CVE-2026-3061

Immediate Actions Required

• Update Google Chrome to version 145.0.7632.116 or later immediately across all endpoints
• Enable automatic Chrome updates to ensure timely patching of future vulnerabilities
• Consider deploying browser isolation technologies for high-risk users until patching is complete
• Restrict access to untrusted websites through web filtering policies

Patch Information

Google has released a security update addressing this vulnerability in Chrome version 145.0.7632.116. The patch includes proper bounds validation in the Media component to prevent out-of-bounds memory read operations. Organizations should prioritize deploying this update across all managed Chrome installations.

For complete details on this security update, refer to the Google Chrome Desktop Update.

Workarounds

• Disable or limit media autoplay functionality in Chrome settings until patching is complete
• Use alternative browsers for accessing untrusted or unfamiliar websites
• Implement strict Content Security Policy headers on internal web applications to limit media sources
• Deploy web filtering to block access to newly registered or low-reputation domains

# Force Chrome update via command line (Windows)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --check-for-update-interval=1

# Verify Chrome version meets minimum patched version
google-chrome --version | grep -E "145\.0\.7632\.11[6-9]|145\.0\.7632\.[2-9][0-9]|145\.0\.763[3-9]|145\.0\.76[4-9]|145\.[1-9]"