Description
Heap buffer overflow in ANGLE in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a heap buffer overflow (CWE‑122) in the ANGLE graphics layer of Google Chrome on Android prior to version 149.0.7827.53. A malicious HTML page processed by a compromised renderer process can trigger the overflow, allowing the attacker to escape the browser sandbox and potentially execute arbitrary code on the device.

Affected Systems

All users running Google Chrome on Android with a version older than 149.0.7827.53 are affected. The issue is limited to the Chrome rendering engine and does not impact other Google products.

Risk and Exploitability

Chromium rates the vulnerability as high severity (CVSS 8.3). No EPSS score is available and it is not listed in the CISA KEV catalog. Exploitation requires an attacker to first compromise the renderer process, which can happen via malicious web content. Once the renderer is compromised, the heap overflow can be leveraged to escape the sandbox, creating a significant risk of remote code execution.

Generated by OpenCVE AI on June 5, 2026 at 05:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.53 or later, which contains the ANGLE heap overflow patch.
  • If an immediate update is not possible, limit browsing to trusted sites only until the patch is installed.
  • Ensure Chrome’s automatic updates are enabled so that future security fixes are applied promptly.

Generated by OpenCVE AI on June 5, 2026 at 05:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 05:45:00 +0000

Type Values Removed Values Added
Title ANGLE Heap Buffer Overflow Allowing Sandbox Escape in Chrome on Android

Fri, 05 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Fri, 05 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Heap buffer overflow in ANGLE in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-122
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T01:40:22.900Z

Reserved: 2026-06-04T17:06:08.660Z

Link: CVE-2026-10929

cve-icon Vulnrichment

Updated: 2026-06-05T01:38:28.784Z

cve-icon NVD

Status : Received

Published: 2026-06-04T23:16:55.323

Modified: 2026-06-05T02:16:57.177

Link: CVE-2026-10929

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T05:30:32Z

Weaknesses