Description
Out of bounds write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow flaw exists in ANGLE, the graphics engine component of Google Chrome. The vulnerability enables an out‑of‑bounds write, which can corrupt heap data structures. This heap corruption can be leveraged by a remote attacker to achieve arbitrary code execution on the victim machine. The weakness is identified by CWE‑787.

Affected Systems

All installations of Google Chrome earlier than version 149.0.7827.53 are vulnerable. This includes the stable channel releases for Windows, macOS, Linux and other supported operating systems.

Risk and Exploitability

Because the flaw can be triggered by a specially crafted HTML page served to a user, the attack vector is a malicious web site or content delivered via email or other web traffic. No publicly available exploits have been reported, and the EPSS score is not available. The Chrome advisory rates the vulnerability as high severity, with a CVSS score of 8.8. Although the risk cannot be quantified precisely, the absence from the CISA KEV catalog and the high severity suggest a moderate to high risk that warrants prompt mitigation.

Generated by OpenCVE AI on June 5, 2026 at 05:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Temporarily disable hardware acceleration by clearing the GPU preference or launching Chrome with the --disable-gpu flag if the patch cannot be applied immediately.
  • Ensure that the operating system and all installed security software are current; system updates may provide additional safeguards against exploitation.
  • Monitor Google update channels for future security patches and advisory releases.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 06:15:00 +0000

Type | Values Removed | Values Added
Title | | Out of Bounds Write in ANGLE in Google Chrome Enables Heap Corruption

Fri, 05 Jun 2026 03:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Fri, 05 Jun 2026 02:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 04 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Out of bounds write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses | | CWE-787
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T01:51:51.520Z

Reserved: 2026-06-04T17:06:01.938Z

Link: CVE-2026-10907

Vulnrichment

Updated: 2026-06-05T01:50:49.927Z

NVD

Status: Undergoing Analysis

Published: 2026-06-04T23:16:52.567

Modified: 2026-06-05T15:02:34.977

Link: CVE-2026-10907

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T06:00:06Z

Weaknesses