External Control of Assumed-Immutable Web Parameter

CVE-2026-2649

High

8.8/10

Summary

Integer Overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-472 - External Control of Assumed-Immutable Web Parameter

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

References

Advisory
Advisory

Advisory Timeline

Published Feb 18, 2026

External Control of Assumed-Immutable Web Parameter

CVE-2026-2649

Summary

CWE-472 - External Control of Assumed-Immutable Web Parameter

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS