PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-8573 Google CVE debrief

Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
CVSS: HIGH 8.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-14
Original CVE updated: 2026-05-19
Advisory published: 2026-05-14
Advisory updated: 2026-05-19

Who should care

Windows users running Google Chrome, enterprise security teams managing browser deployments, organizations with bring-your-own-device policies, and security operations centers monitoring for browser-based exploitation chains.

Technical summary

An integer overflow vulnerability exists in the Codecs component of Google Chrome on Windows. The flaw can be triggered when processing a crafted video file, potentially allowing a remote attacker to escape the Chrome sandbox. The vulnerability requires user interaction (e.g., opening a malicious video) and has high attack complexity, but successful exploitation could lead to complete compromise of confidentiality, integrity, and availability within the browser context. The issue is rated Medium severity by the Chromium security team but carries a HIGH CVSS score of 8.3 due to the sandbox escape impact.

Defensive priority

HIGH

Recommended defensive actions

  • Update Google Chrome to version 148.0.7778.168 or later on Windows systems
  • Restrict or block untrusted video file downloads and playback in Chrome where patching is delayed
  • Monitor for anomalous Chrome renderer or GPU process crashes that may indicate exploitation attempts
  • Review application control policies to limit execution of unverified media content

Evidence notes

The official vendor advisory confirms the fix in Chrome 148.0.7778.168. The Chromium issue tracker reference is access-restricted (Permissions Required). The CVSS score of 8.3 (HIGH) reflects a network attack vector with high complexity that requires user interaction, but with significant impact, including sandbox escape potential.

Official resources

2026-05-14T20:17:19.610Z