EIP-2026-102617

PRE-CVE

Google Chrome - GPU Process MailboxManagerImpl Double-Read

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102617. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a use-after-free vulnerability in the GPU command buffer service by manipulating shared memory references to the mailbox manager, leading to memory corruption in the GPU process. The PoC demonstrates the issue by triggering a race condition during mailbox name modification.

Description

Google Chrome - GPU Process MailboxManagerImpl Double-Read

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoslinux

https://www.exploit-db.com/exploits/39961

View Code ZIP pw:eip

This exploit leverages a use-after-free vulnerability in the GPU command buffer service by manipulating shared memory references to the mailbox manager, leading to memory corruption in the GPU process. The PoC demonstrates the issue by triggering a race condition during mailbox name modification.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: Chromium GPU command buffer service (specific version not specified)

No auth needed

Prerequisites: Access to the GPU command buffer service · Ability to manipulate shared memory

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026