CVE-2026-41157
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
A web page containing unusual WebGPU content can load it into the GPU GLES render process, leading to an out-of-bound write in the GPU user-space driver. This may result in memory corruption and possible browser/GPU process crash.
Risk Assessment
The risk to the organization includes potential browser or GPU process crashes, which could lead to data loss or service interruptions.
Recommendation
It is recommended to update the software to the latest version to minimize the risk associated with this vulnerability and to monitor web applications for unusual behaviors.
Original NVD description (English source)
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.

