CVE-2026-3061 – Chromium – DevTools and Memory Handling Security Vulnerabilities

Google released Chromium 145.0.7632.116/117 to fix three high-severity vulnerabilities affecting Chrome’s media handling, WebGPU shader compilation, and developer tools environment. These weaknesses could allow specially crafted web content or malicious browser extensions to read or corrupt memory, or inject unauthorized code into privileged browser interfaces.

CVE-2026-3061 affects the Media component and allows an out-of-bounds read triggered by crafted HTML content. Attackers could exploit this weakness to access sensitive browser memory. This vulnerability has a CVSS v3.1 score of 8.8 (High).

CVE-2026-3062 impacts the Tint WebGPU shader compiler and allows out-of-bounds memory read and write operations through malicious web content. Memory write conditions increase the risk of memory corruption and possible browser compromise. This issue has a CVSS v3.1 score of 8.8 (High).

CVE-2026-3063 affects Chrome DevTools due to an inappropriate implementation that could allow a malicious extension to inject scripts into privileged DevTools pages after installation. This vulnerability has a CVSS v3.1 score of 8.8 (High).

There are no verified reports of active exploitation or confirmed public proof-of-concept code associated with these vulnerabilities at the time of this release.