Description
Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use-after-free in ANGLE can be triggered by a crafted HTML page rendered in the Chrome renderer process. If the renderer process has been compromised, an attacker can potentially bypass the browser sandbox to execute code outside of the protected environment. This flaw is a classic use-after-free (CWE-416) and was rated high severity by Chromium.

Affected Systems

The vulnerability affects Google Chrome versions prior to 149.0.7827.53. All users running earlier stable channel releases are potentially exposed until the patch is applied.

Risk and Exploitability

The CVSS score of 8.3 indicates high severity, but no EPSS data is available and the CVE is not listed in CISA’s KEV catalog. Based on the description, it is inferred that exploitation would require an attacker to first compromise the renderer process and then deliver a crafted HTML payload, implying moderate to high attack complexity. Because a sandbox escape can grant system-level privileges, the risk of remote code execution is significant and mitigations should be applied promptly.

Generated by OpenCVE AI on June 5, 2026 at 05:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.53 or later to remove the ANGLE use-after-free flaw.
  • Enable Chrome’s strict sandboxing policies or flags to harden the renderer process if an immediate update is not possible.
  • Deploy a content security policy that blocks or restricts the execution of inline scripts and third-party content in any embedded Chrome instances until the patch is installed.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 03:30:00 +0000

Type | Values Removed | Values Added
Title | | Use-After-Free in ANGLE Leading to Possible Sandbox Escape via Crafted HTML

Fri, 05 Jun 2026 02:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 01:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses | | CWE-416
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T01:41:53.992Z

Reserved: 2026-06-04T17:06:06.255Z

Link: CVE-2026-10919

Vulnrichment

Updated: 2026-06-05T01:38:57.339Z

NVD

Status: Received

Published: 2026-06-04T23:16:54.133

Modified: 2026-06-05T02:16:55.830

Link: CVE-2026-10919

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T05:30:32Z

Weaknesses