Description
Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Published: 2026-06-04
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability originates from an out‑of‑bounds write in the GPU subsystem of Chrome on Android. The flaw can be triggered by loading a maliciously crafted HTML page, allowing a remote attacker to escape the browser sandbox and potentially execute code with higher privileges. The weakness is classified as CWE‑787 and is rated as critical by Chromium security.

Affected Systems

Google Chrome for Android versions older than 149.0.7827.53 are affected. The issue exists in the stable channel and was discovered before the June 2026 release.

Risk and Exploitability

The exact CVSS score is not disclosed, but the severity is marked critical and the flaw is potentially exploitable via the network by serving a malicious web page to a user. EPSS data is not available, and the vulnerability is not currently listed in the CISA KEV catalog, yet the Attack Vector is remote through web content. Given the critical nature, the risk is high for exposed devices until patched.

Generated by OpenCVE AI on June 5, 2026 at 01:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to 149.0.7827.53 or newer.
  • For devices that cannot update immediately, disable GPU usage in the browser by clearing the ‘GPU accelerated’ flag or similar through chrome://flags, reducing the attack surface until a patch is available.
  • Enforce device‑level policies to block or sandbox untrusted HTML content and restrict access to unknown websites until the browser is updated.

Generated by OpenCVE AI on June 5, 2026 at 01:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds GPU Write Enabling Sandbox Escape in Chrome for Android

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Weaknesses CWE-787
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:03:26.998Z

Reserved: 2026-06-04T17:05:57.442Z

Link: CVE-2026-10892

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T23:16:50.743

Modified: 2026-06-04T23:16:50.743

Link: CVE-2026-10892

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T01:45:27Z

Weaknesses