cve 2026 2648

CVE-2026-2648 is a high-severity heap buffer overflow vulnerability in Chromium's PDFium PDF rendering engine. Patched in Chrome 145.0.7632.109 and sibling builds, the flaw allows a specially crafted PDF to trigger out-of-bounds writes, potentially enabling remote code execution from a web context. Google's February 18, 2026 Stable update lists the issue among three security fixes, reported by researcher soiax. This tag covers discussion of the vulnerability, its impact, and the patch details for Windows users running Chromium-based browsers.