Description
Integer overflow in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the Dawn graphics engine of Google Chrome allows an integer overflow when parsing a crafted HTML page. The overflow can occur in the renderer process and may lead to a sandbox escape, giving an attacker the ability to execute code outside the browser sandbox. This can potentially result in full system compromise by executing arbitrary code with elevated privileges, as the vulnerability grants the attacker Remote Code Execution capabilities.

Affected Systems

All users running Google Chrome versions prior to 149.0.7827.53 are affected. The vulnerability was reported in the stability channel release notes for June 2026, so any platform that runs the affected Chrome build is at risk.

Risk and Exploitability

The CVE is rated high in Chromium severity and is not listed in the CISA KEV catalog. The CVSS score of 8.3 indicates a high severity. No EPSS score is available, so the exploitation probability is not quantified. The likely attack vector requires an attacker to compromise the renderer process, which typically involves tricking a user into visiting a malicious web page. Once the renderer process is compromised, the integer overflow can promote the attacker to a sandbox escape, enabling remote code execution with potentially system-level privileges.

Generated by OpenCVE AI on June 5, 2026 at 05:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Chrome 149.0.7827.53 or later as released by Google.
  • Enable automatic updates to receive the latest security patches immediately.
  • If upgrading is delayed, run Chrome inside a confined or virtualized environment to restrict the impact of a potential sandbox escape.

Generated by OpenCVE AI on June 5, 2026 at 05:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Dawn Rendering Engine Allowing Sandbox Escape in Google Chrome

Fri, 05 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Dawn Rendering Engine Allowing Sandbox Escape in Google Chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Integer overflow in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-472
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T01:41:24.017Z

Reserved: 2026-06-04T17:06:06.719Z

Link: CVE-2026-10921

cve-icon Vulnrichment

Updated: 2026-06-05T01:38:48.462Z

cve-icon NVD

Status : Received

Published: 2026-06-04T23:16:54.390

Modified: 2026-06-05T02:16:56.160

Link: CVE-2026-10921

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T06:00:06Z

Weaknesses