[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-5277":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-22T16:08:08.064Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":85,"aliases":86,"duplicate_of":9,"upstream":87,"downstream":88,"duplicates":95,"related":96,"reserved_at":9,"published_at":99,"modified_at":100,"state":101,"summary":102,"references_raw":111,"kevs":124,"epss":125,"epss_history":128,"metrics":288,"affected":296},"CVE-2026-5277","Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-472","External Control of Assumed-Immutable Web Parameter","The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.","weakness","Draft","Base",[19,23,27,81],{"id":20,"name":21,"techniques":22},"CAPEC-146","XML Schema Poisoning",[],{"id":24,"name":25,"techniques":26},"CAPEC-226","Session Credential Falsification through Manipulation",[],{"id":28,"name":29,"techniques":30},"CAPEC-31","Accessing/Intercepting/Modifying HTTP Cookies",[31],{"id":32,"name":33,"tactics":34,"countermeasures":38},"T1539","Steal Web Session Cookie",[35],{"id":36,"name":37},"TA0031","Credential Access",[39,44,49,53,58,63,67,71,76],{"id":40,"name":41,"tactic":42},"D3-CCSA","Credential Compromise Scope Analysis",{"name":43},"Detect",{"id":45,"name":46,"tactic":47},"D3-CR","Credential Revocation",{"name":48},"Evict",{"id":50,"name":51,"tactic":52},"D3-ANCI","Authentication Cache Invalidation",{"name":48},{"id":54,"name":55,"tactic":56},"D3-DUC","Decoy User Credential",{"name":57},"Deceive",{"id":59,"name":60,"tactic":61},"D3-CH","Credential Hardening",{"name":62},"Harden",{"id":64,"name":65,"tactic":66},"D3-MFA","Multi-factor Authentication",{"name":62},{"id":68,"name":69,"tactic":70},"D3-CRO","Credential Rotation",{"name":62},{"id":72,"name":73,"tactic":74},"D3-RIC","Reissue Credential",{"name":75},"Restore",{"id":77,"name":78,"tactic":79},"D3-CTS","Credential Transmission Scoping",{"name":80},"Isolate",{"id":82,"name":83,"techniques":84},"CAPEC-39","Manipulating Opaque Client-based Data Tokens",[],[],[],[],[89,91,93],{"_key":90},"OPENSUSE-SU-2026:20460-1",{"_key":92},"OPENSUSE-SU-2026:10487-1",{"_key":94},"DEBIAN-CVE-2026-5277",[],[97,98],{"_key":90},{"_key":92},"2026-04-01T04:41:31.378Z","2026-04-02T03:55:46.701Z","Analyzed",{"cisa_kev":103,"cisa_ransomware":103,"cisa_vendor":9,"epss_severity":104,"epss_score":105,"severity":106,"severity_score":107,"severity_version":108,"severity_source":109,"severity_vector":110,"severity_status":101},false,"low",0.00052,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",[112,118],{"url":113,"sources":114,"tags":116},"https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html",[109,115],"nvd",[117],"Vendor Advisory",{"url":119,"sources":120,"tags":121},"https://issues.chromium.org/issues/489791424",[109,115],[122,123],"Issue Tracking","Permissions Required",[],{"date":126,"score":105,"percentile":127},"2026-05-22",0.16456,[129,133,137,140,143,146,149,153,156,159,162,165,168,171,174,177,180,183,186,189,192,196,199,202,205,208,211,214,217,220,223,226,229,233,236,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287],{"date":130,"score":131,"percentile":132},"2026-04-01",0.00035,0.10169,{"date":134,"score":135,"percentile":136},"2026-04-02",0.00063,0.19728,{"date":138,"score":135,"percentile":139},"2026-04-03",0.19752,{"date":141,"score":135,"percentile":142},"2026-04-04",0.19778,{"date":144,"score":135,"percentile":145},"2026-04-05",0.19746,{"date":147,"score":135,"percentile":148},"2026-04-06",0.19511,{"date":150,"score":151,"percentile":152},"2026-04-07",0.00086,0.24698,{"date":154,"score":151,"percentile":155},"2026-04-08",0.24766,{"date":157,"score":151,"percentile":158},"2026-04-09",0.24812,{"date":160,"score":151,"percentile":161},"2026-04-10",0.24833,{"date":163,"score":151,"percentile":164},"2026-04-11",0.24826,{"date":166,"score":151,"percentile":167},"2026-04-12",0.24786,{"date":169,"score":151,"percentile":170},"2026-04-13",0.24729,{"date":172,"score":151,"percentile":173},"2026-04-14",0.24713,{"date":175,"score":151,"percentile":176},"2026-04-15",0.24764,{"date":178,"score":151,"percentile":179},"2026-04-16",0.24744,{"date":181,"score":151,"percentile":182},"2026-04-17",0.24748,{"date":184,"score":151,"percentile":185},"2026-04-18",0.24736,{"date":187,"score":151,"percentile":188},"2026-04-19",0.24693,{"date":190,"score":151,"percentile":191},"2026-04-20",0.24675,{"date":193,"score":194,"percentile":195},"2026-04-21",0.00028,0.08082,{"date":197,"score":194,"percentile":198},"2026-04-22",0.08107,{"date":200,"score":194,"percentile":201},"2026-04-23",0.08137,{"date":203,"score":194,"percentile":204},"2026-04-24",0.08034,{"date":206,"score":194,"percentile":207},"2026-04-25",0.08013,{"date":209,"score":194,"percentile":210},"2026-04-26",0.07999,{"date":212,"score":194,"percentile":213},"2026-04-27",0.07988,{"date":215,"score":194,"percentile":216},"2026-04-28",0.0797,{"date":218,"score":194,"percentile":219},"2026-04-29",0.07973,{"date":221,"score":194,"percentile":222},"2026-04-30",0.07979,{"date":224,"score":194,"percentile":225},"2026-05-01",0.07931,{"date":227,"score":194,"percentile":228},"2026-05-02",0.07993,{"date":230,"score":231,"percentile":232},"2026-05-03",0.00031,0.08767,{"date":234,"score":231,"percentile":235},"2026-05-04",0.08717,{"date":237,"score":231,"percentile":238},"2026-05-05",0.08715,{"date":240,"score":231,"percentile":241},"2026-05-06",0.08731,{"date":243,"score":231,"percentile":244},"2026-05-07",0.08867,{"date":246,"score":231,"percentile":247},"2026-05-08",0.08895,{"date":249,"score":231,"percentile":250},"2026-05-09",0.08937,{"date":252,"score":231,"percentile":253},"2026-05-10",0.08932,{"date":255,"score":231,"percentile":256},"2026-05-11",0.089,{"date":258,"score":231,"percentile":259},"2026-05-12",0.08928,{"date":261,"score":231,"percentile":262},"2026-05-13",0.08944,{"date":264,"score":231,"percentile":265},"2026-05-14",0.08991,{"date":267,"score":231,"percentile":268},"2026-05-15",0.08993,{"date":270,"score":231,"percentile":271},"2026-05-16",0.09009,{"date":273,"score":231,"percentile":274},"2026-05-17",0.08994,{"date":276,"score":231,"percentile":277},"2026-05-18",0.08945,{"date":279,"score":231,"percentile":280},"2026-05-19",0.08916,{"date":282,"score":231,"percentile":283},"2026-05-20",0.08914,{"date":285,"score":231,"percentile":286},"2026-05-21",0.08892,{"date":126,"score":105,"percentile":127},[289,294],{"source":109,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":290,"cvss_v4_0":9},{"baseScore":107,"baseSeverity":291,"vectorString":110,"impactScore":292,"exploitabilityScore":293},"HIGH",9.8,4.1,{"source":115,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":295,"cvss_v4_0":9},{"baseScore":107,"baseSeverity":291,"vectorString":110,"impactScore":292,"exploitabilityScore":293},[297],{"ecosystem":9,"name":298,"vendor":9,"product":298,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":299},"Chrome",[300,306],{"version":301,"is_range":302,"range_type":303,"version_start":9,"version_start_type":9,"version_end":304,"version_end_type":305,"fixed_in":9},"lt146.0.7680.177",true,"cpe","146.0.7680.177","excluding",{"version":307,"is_range":302,"range_type":109,"version_start":308,"version_start_type":309,"version_end":308,"version_end_type":305,"fixed_in":9},">= 146.0.7680.178, \u003C 146.0.7680.178","146.0.7680.178","including"]