Description
Out of bounds write in Skia in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds memory write was discovered in Skia, the graphics library used by Google Chrome on macOS. The flaw is triggered by a crafted HTML page that an attacker can deliver to a user who already has a compromised renderer process. If exploited, the write may corrupt critical memory structures and enable the attacker to escape the renderer sandbox, potentially giving full system control on the victim’s machine. The weakness is classified as CWE‑787, reflecting a missing bounds check before a memory write.

Affected Systems

Google Chrome for macOS versions prior to 149.0.7827.53 are affected. The issue exists only in the stable channel on macOS; any release 149.0.7827.52 or earlier can be exploited. A patch was released with the 149.0.7827.53 update, which removes the Skia buffer overshoot.

Risk and Exploitability

The vulnerability has a high severity rating, and although the EPSS score is not available, the fact that it is not listed in the CISA KEV catalog suggests no widespread public exploits have been reported yet. Nevertheless, any compromised renderer process—such as from malicious web content—could be leveraged to perform a sandbox escape, granting the attacker complete control over the user’s device if the exploit succeeds. Organizations should treat the risk as high in environments where users routinely visit untrusted web content.

Generated by OpenCVE AI on June 5, 2026 at 05:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Chrome 149.0.7827.53 or any later stable release on all macOS systems.
  • Ensure that the Chrome renderer sandbox is enabled; verify that the renderer processes run with sandboxed execution flags.
  • Reduce exposure by disabling untrusted extensions and limiting the rendering of external web content, and monitor the browser for abnormal renderer activity.

Generated by OpenCVE AI on June 5, 2026 at 05:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in Skia Allowing Potential Sandbox Escape on macOS Chrome

Fri, 05 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in Skia Allowing Potential Sandbox Escape on macOS Chrome
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Fri, 05 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Out of bounds write in Skia in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-787
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T01:40:54.044Z

Reserved: 2026-06-04T17:06:07.703Z

Link: CVE-2026-10925

cve-icon Vulnrichment

Updated: 2026-06-05T01:38:38.583Z

cve-icon NVD

Status : Received

Published: 2026-06-04T23:16:54.870

Modified: 2026-06-05T02:16:56.500

Link: CVE-2026-10925

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T06:00:06Z

Weaknesses