Platform
chrome
Component
chrome-fonts
Fixed in
146.0.7680.165
CVE-2026-4679 describes an Integer Overflow vulnerability discovered in Chrome Fonts. This flaw enables a remote attacker to trigger an out-of-bounds memory write by crafting a malicious HTML page, potentially leading to denial of service or, in a more severe scenario, arbitrary code execution. The vulnerability affects Google Chrome versions prior to 146.0.7680.165, and a fix has been released in version 146.0.7680.165.
The Integer Overflow vulnerability in Chrome Fonts allows an attacker to manipulate memory allocation within the font rendering engine. By crafting a specially designed HTML page, an attacker can trigger an overflow condition, leading to a write outside the intended memory boundaries. This can result in a crash of the Chrome browser, potentially leading to a denial-of-service. More critically, a successful exploit could allow the attacker to overwrite critical data structures, potentially enabling arbitrary code execution within the browser's process. The impact is significant, as it could allow an attacker to gain control of the user's system through a seemingly innocuous web page.
CVE-2026-4679 was publicly disclosed on 2026-03-24. There is currently no known public proof-of-concept (POC) code available. The vulnerability has been assessed as High severity by the Chromium security team. It is not currently listed on the CISA KEV catalog, but its high severity warrants monitoring for potential exploitation. The vulnerability's reliance on crafting a specific HTML page suggests exploitation would require a user to visit a malicious website.
Users who rely on older, unpatched versions of Google Chrome are at risk. This includes individuals who have disabled automatic updates, organizations with legacy systems running older Chrome versions, and users who frequently visit untrusted websites. Shared hosting environments where users have limited control over their browser versions are also particularly vulnerable.
• windows / chrome: Monitor Chrome's crash logs (chrome.exe) for unusual patterns or errors related to font rendering. Use Windows Defender Exploit Guard to block potentially malicious websites.
    Get-Process chrome | Select-Object Id, CPU, WorkingSet
• linux / server: Monitor Chrome's process memory usage using tools like top or htop. Examine system logs for crashes or errors related to Chrome.
    ps aux | grep chrome
• generic web: Inspect HTTP requests and responses for unusual parameters or data related to font loading. Examine browser developer tools for any errors or warnings related to font rendering.
• database (mysql, redis, mongodb, postgresql): N/A - This vulnerability does not directly impact databases.
• wordpress / composer / npm: N/A - This vulnerability does not directly impact these components.
disclosure
Exploit Status
EPSS
0.11% (29th percentile)
The primary mitigation for CVE-2026-4679 is to immediately upgrade to Google Chrome version 146.0.7680.165 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing stricter content security policies (CSP) to restrict the execution of inline scripts and the loading of external resources from untrusted sources. While a direct WAF rule is unlikely to be effective against this type of memory corruption vulnerability, ensuring that Chrome is running with the least privilege possible can limit the potential damage if an exploit is successful. Regularly scan your systems for outdated Chrome installations.
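One way to carry out the scan for outdated installations is to compare each collected version string against the fixed build 146.0.7680.165. The following is an added example, not code from this page or from the Chromium project; the host names and the sample version strings are constructed, and the input is assumed to be text such as the output of Chrome's `--version` switch gathered by your own inventory tooling.

```python
import re

FIXED = (146, 0, 7680, 165)  # first patched build, as stated in the advisory

# Exactly four dot-separated numeric fields, the form Chrome versions take.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the Chrome version found in `text` as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # unparseable output is never treated as safe
    # Tuple comparison is numeric per field, so 7680.99 sorts below 7680.165;
    # a plain string comparison would rank it above and miss the host.
    return "vulnerable" if version < fixed else "patched"


def audit(inventory):
    """Map host -> status for an iterable of (host, version_text) pairs."""
    return {host: classify(text) for host, text in inventory}


# Constructed sample inventory: hypothetical hosts and version strings.
SAMPLE = [
    ("ws-01", "Google Chrome 146.0.7680.165 "),
    ("ws-02", "Google Chrome 146.0.7680.99 "),
    ("ws-03", "145.0.7632.160"),
    ("ws-04", "Google Chrome 147.0.7700.12 beta"),
    ("ws-05", "command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check rather than being counted as patched.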
Update Google Chrome to version 146.0.7680.165 or later. This fixes the integer overflow vulnerability in font handling that allows out-of-bounds memory writes.
CVE-2026-4679 is an Integer Overflow vulnerability in Google Chrome Fonts that allows out-of-bounds memory writes via crafted HTML, potentially leading to crashes or code execution.
You are affected if you are using Google Chrome versions prior to 146.0.7680.165. Check your Chrome version and update if necessary.
Upgrade to Google Chrome version 146.0.7680.165 or later to mitigate the vulnerability. Ensure automatic updates are enabled.
There is currently no known active exploitation of CVE-2026-4679, but the high severity warrants monitoring.
Refer to the official Google Security Blog for details: https://security.googleblog.com/