CVE-2026-5912 Overview
CVE-2026-5912 is an integer overflow vulnerability in the WebRTC component of Google Chrome prior to version 147.0.7727.55. The flaw allows a remote attacker to trigger an out-of-bounds memory write through a crafted HTML page. Exploitation requires user interaction, such as visiting a malicious website. The vulnerability is categorized under [CWE-472] and affects Chrome installations on Windows, macOS, and Linux. Successful exploitation can lead to memory corruption, browser process compromise, and potential arbitrary code execution within the renderer sandbox.
Critical Impact
A remote attacker can corrupt memory in the Chrome renderer process via a malicious web page, leading to out-of-bounds writes that may enable code execution or browser crashes.
Affected Products
- Google Chrome versions prior to 147.0.7727.55
- Chrome on Microsoft Windows
- Chrome on Apple macOS and Linux distributions
Discovery Timeline
- 2026-04-08 - CVE-2026-5912 published to the National Vulnerability Database
- 2026-04-08 - Google releases stable channel update addressing the flaw
- 2026-04-29 - Last updated in NVD database
Technical Details for CVE-2026-5912
Vulnerability Analysis
The vulnerability resides in the WebRTC (Web Real-Time Communication) implementation shipped with Chromium. WebRTC handles peer-to-peer audio, video, and data channels directly in the browser. An integer overflow occurs when size or length values are computed during the processing of attacker-controlled WebRTC data structures. The overflowed value bypasses bounds checks, causing subsequent memory operations to write past the intended buffer boundary.
The issue is classified under [CWE-472] (External Control of Assumed-Immutable Web Parameter), reflecting how untrusted input influences values the code treats as trusted during memory operations. Out-of-bounds writes in the renderer process are a common stepping stone toward sandbox escapes and remote code execution when chained with additional flaws.
Root Cause
The root cause is improper validation of arithmetic operations on size or index values within the WebRTC code path. When attacker-supplied input causes an integer to wrap around its maximum representable value, the resulting small or negative value is used as a length or offset. Memory allocations sized by the overflowed value are too small, while subsequent write operations use the original, larger size, producing an out-of-bounds write.
Attack Vector
Exploitation is network-based and requires the victim to load a crafted HTML page in a vulnerable Chrome build. The attacker hosts a malicious page that initiates WebRTC operations with carefully sized payloads to trigger the overflow. User interaction is limited to visiting the page, which can be delivered through phishing links, malicious advertisements, or compromised websites. No authentication is required.
No verified public proof-of-concept code is available. Technical specifics are tracked in the Chromium Issue Tracker Entry.
Detection Methods for CVE-2026-5912
Indicators of Compromise
- Chrome renderer process crashes with memory access violations after visiting an untrusted page
- Unexpected child processes spawned by chrome.exe or the Chrome helper process
- Outbound WebRTC traffic to unfamiliar STUN, TURN, or ICE endpoints not associated with legitimate applications
- Browser telemetry showing tab crashes correlated with specific URLs
Detection Strategies
- Inventory Chrome installations across the fleet and flag versions earlier than 147.0.7727.55
- Inspect proxy and DNS logs for visits to newly registered or low-reputation domains preceding browser crashes
- Correlate endpoint process telemetry to identify anomalous child processes launched from the Chrome process tree
Monitoring Recommendations
- Enable browser crash reporting and forward dumps to a centralized analysis pipeline
- Monitor for execution of post-exploitation tooling immediately following Chrome activity
- Track WebRTC connection metadata at the network egress layer to detect unusual peer connections originating from end-user systems
How to Mitigate CVE-2026-5912
Immediate Actions Required
- Update Google Chrome to version 147.0.7727.55 or later on all Windows, macOS, and Linux endpoints
- Restart browsers after deployment to ensure the patched binary is loaded
- Validate enterprise managed-browser policies to confirm automatic updates are enabled and not blocked by group policy
Patch Information
Google released the fix in the stable channel update documented in the Google Chrome Update Announcement. Chromium-based browsers that consume the same upstream WebRTC code should also be updated when vendor patches are published. Verify the running version by opening chrome://settings/help.
Workarounds
- Where immediate patching is not feasible, restrict access to untrusted websites using web filtering or DNS-based controls
- Disable WebRTC features via enterprise policy for users who do not require real-time communication functionality
- Apply browser hardening policies that block third-party content and limit script execution on untrusted origins
# Verify the deployed Chrome version on Linux endpoints
google-chrome --version
# Windows registry policy to enforce automatic updates (per Google documentation)
reg add "HKLM\SOFTWARE\Policies\Google\Update" /v UpdateDefault /t REG_DWORD /d 1 /f
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

