Description
Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-05-28
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in Skia, the graphics engine used by Chrome on Android. The library does not properly validate untrusted input from browser content, corresponding to CWE-20 and CWE-1289. A crafted HTML page can trigger the validator, enabling an attacker who already compromised the renderer process to escape the browser sandbox. If successful, the attacker could run code with the same privileges as the Chrome app or beyond.

Affected Systems

Google Chrome for Android users running any version before 148.0.7778.216 are affected. The issue exists on the stable channel and earlier releases, so all Android devices that have not applied the latest update are vulnerable.

Risk and Exploitability

The CVSS score of 8.3 indicates high severity. The EPSS score of less than 1% suggests a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation at this time. The attack requires that the attacker already runs arbitrary code in the renderer process – for example, by tricking the user into visiting a malicious website or through a cross‑site scripting vector. Once that condition is met, a crafted HTML page can trigger the Skia flaw to escape the sandbox. The combination of requirements means that exploitation is unlikely, but if it occurs the impact would be high, making timely remediation important.

Generated by OpenCVE AI on May 29, 2026 at 17:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome on all Android devices to version 148.0.7778.216 or later, which includes the Skia input validation fix.
  • Ensure the Android operating system is kept up to date, as newer OS releases include tighter sandbox enforcement that helps mitigate escape attempts even if the browser is only partially patched.
  • Enable Chrome’s Site Isolation and Safe Browsing features to add an extra layer of protection against renderer compromise.

Generated by OpenCVE AI on May 29, 2026 at 17:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Skia Input Validation Failure in Chrome on Android Allows Sandbox Escape chromium-browser: Insufficient validation of untrusted input in Skia
Weaknesses CWE-1289
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Moderate

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 23:45:00 +0000

Type Values Removed Values Added
Title Skia Input Validation Failure in Chrome on Android Allows Sandbox Escape

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-20
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T15:58:00.344Z

Reserved: 2026-05-28T17:25:15.873Z

Link: CVE-2026-10020

cve-icon Vulnrichment

Updated: 2026-05-29T15:57:57.413Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-28T23:16:43.887

Modified: 2026-05-29T16:16:22.460

Link: CVE-2026-10020

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-10020 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T17:45:04Z

Weaknesses