Full Report
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single release. Only the FFmpeg bugs were found by AI.
Analysis Summary
# Vulnerability: Multiple Zero-Days in FFmpeg and Critical Sandbox Escape in Chrome
## CVE Details
**FFmpeg Findings:**
- **CVE ID:** CVE-2026-39210 through CVE-2026-39218 (9 identified; 12 additional fixed but pending IDs)
- **CVSS Score:** Not explicitly rated (High/Critical potential based on bug types)
- **CWE:** CWE-121 (Stack-based Buffer Overflow), CWE-122 (Heap-based Buffer Overflow)
**Chrome Release (Key Bug):**
- **CVE ID:** CVE-2026-10881
- **CVSS Score:** 9.6 (Critical)
- **CWE:** CWE-125 (Out-of-bounds Read), CWE-787 (Out-of-bounds Write)
## Affected Systems
- **Products:**
  - FFmpeg media library (integrated into VLC, YouTube, Python wheels, container images, etc.)
  - Google Chrome Browser
  - ANGLE Graphics Engine
- **Versions:**
  - FFmpeg: Legacy versions (bugs date back to 2003); fixed in newest upstream builds.
  - Chrome: Versions prior to 149.0.7827.53
- **Configurations:** Systems ingesting untrusted media streams, specifically RTSP or AV1-over-RTP; browsers visiting malicious web pages.
## Vulnerability Description
- **FFmpeg:** 21 vulnerabilities were discovered by an autonomous AI agent (depthfirst). These consist primarily of heap and stack overflows within media parsers and demuxers (including the Service Description Table/SDT code, TS demuxer, and VP9 decoder). One stack overflow had been latent in the codebase for 23 years.
- **Chrome/ANGLE:** CVE-2026-10881 involves an out-of-bounds read/write flaw in the ANGLE graphics engine. This allows a specifically crafted web page to achieve a sandbox escape, enabling arbitrary code execution on the host operating system.
## Exploitation
- **Status:** PoC available for FFmpeg (published by DepthFirstDisclosures on GitHub). No known "in-the-wild" exploitation reported, but volume of bugs is significant.
- **Complexity:** Medium
- **Attack Vector:** Network (Remote via malicious media file or web page)
## Impact
- **Confidentiality:** High (Potential for memory disclosure and data theft)
- **Integrity:** High (Code execution and sandbox escape)
- **Availability:** High (Application crashes and system instability)
## Remediation
### Patches
- **FFmpeg:** Update to the latest upstream build or version 8.1+. Users must check embedded copies in Python wheels and container images.
- **Chrome:** Update to version **149.0.7827.53** (Linux) or **149.0.7827.53/54** (Windows/macOS).
### Workarounds
- Disable or restrict the ingestion of untrusted media formats if patching is not immediately possible.
- Use network-level filtering to block RTSP and RTP traffic from untrusted sources.
## Detection
- **Indicators of Compromise:** Unusual application crashes when processing media files; unexpected outbound network traffic from media-processing services.
- **Detection methods and tools:**
  - Use Software Bill of Materials (SBOM) tools to identify embedded FFmpeg versions.
  - Monitor for heap/stack buffer overflow signatures via EDR/HIPS.
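The remediation note above (checking embedded FFmpeg copies in Python wheels and container images) and the SBOM inventory step under Detection both come down to finding vendored FFmpeg artefacts and comparing their reported release against the 8.1 threshold the advisory gives. The script below is an added example, not code from the advisory or from depthfirst; the artefact name patterns are assumed conventional file names, and the sample banner is constructed.

```python
import os
import re
from typing import Optional, Tuple

# Fix threshold stated in the advisory: FFmpeg 8.1 and later.
FIXED_VERSION = (8, 1)

# Release banners look like "ffmpeg version 7.1.1 ..." or "ffmpeg version n8.1 ...".
# Git snapshots ("ffmpeg version N-118000-gabc...") carry no release number.
_VERSION_RE = re.compile(r"ffmpeg version n?(\d+)\.(\d+)(?:\.(\d+))?")

# Conventional names of bundled FFmpeg binaries and core libraries (assumed).
_ARTIFACT_RE = re.compile(r"^(ffmpeg|ffprobe)(\.exe)?$|^libav(codec|format|util)[.-]")


def parse_ffmpeg_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from an `ffmpeg -version` banner, or None
    for snapshots/unknown banners so they are never silently assumed patched."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_patched(banner: str) -> Optional[bool]:
    """True for 8.1+, False for older releases, None if undeterminable."""
    v = parse_ffmpeg_version(banner)
    return None if v is None else v[:2] >= FIXED_VERSION


def is_ffmpeg_artifact(filename: str) -> bool:
    """True if a file name looks like an embedded FFmpeg binary or library."""
    return _ARTIFACT_RE.match(filename) is not None


def find_embedded_ffmpeg(root: str) -> list:
    """Walk `root` (site-packages, an unpacked image layer, ...) and list
    paths that look like vendored FFmpeg copies needing a version check."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if is_ffmpeg_artifact(f))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample banner, not real tool output.
    print(is_patched("ffmpeg version n8.1 Copyright (c) 2000-2026 the FFmpeg developers"))
    for path in find_embedded_ffmpeg(os.getcwd()):
        print("vendored FFmpeg artefact, verify its version:", path)
```

Run `ffmpeg -version` (or `ffprobe -version`) for each located binary and feed the first line to `is_patched`; a `None` result means a snapshot build whose patch state must be confirmed against the upstream commit, not taken as fixed.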
## References
- [depthfirst Research](https://depthfirst.com/research/21-zero-days-in-ffmpeg)
- [Chrome Stable Channel Update](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html)
- [FFmpeg Security](https://ffmpeg.org/security.html)
- [PoC Repository](https://github.com/DepthFirstDisclosures/ffmpeg-dfvuln127)