CVE-2026-10929 - Vulnerability Details

- chromium-browser: Heap buffer overflow in ANGLE

Description

Heap buffer overflow in ANGLE in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Published: 2026-06-04

Score: 8.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw is a heap buffer overflow (CWE–120 and CWE–122) in the ANGLE graphics layer of Google Chrome on Android prior to version 149.0.7827.53. A malicious HTML page processed by a compromised renderer process can trigger the overflow, allowing the attacker to escape the browser sandbox. Based on the description, it is inferred that the escape could enable execution of arbitrary code on the device.

Affected Systems

All users running Google Chrome on Android with a version older than 149.0.7827.53 are affected. The issue is limited to the Chrome rendering engine and does not impact other Google products.

Risk and Exploitability

Chromium rates the vulnerability as high severity (CVSS 8.3). The EPSS score of <1% indicates a low probability of exploitation, and it is not listed in the CISA KEV catalog. Exploitation requires an attacker to first compromise the renderer process, which can happen via malicious web content. Once the renderer is compromised, the heap overflow can be leveraged to escape the sandbox, potentially leading to remote code execution – this outcome is inferred from the provided details.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Google

Chrome

affected

Version	Status	Constraints
`149.0.7827.53`	affected	< 149.0.7827.53

Configuration 1 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Google

Chrome

100%

Version	Status	Scheme	Platform
`[149.0.7827.53,149.0.7827.53)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Chrome to version 149.0.7827.53 or later, which contains the ANGLE heap overflow patch.
If an immediate update is not possible, limit browsing to trusted sites only until the patch is installed.
Ensure Chrome’s automatic updates are enabled so that future security fixes are applied promptly.

Generated by OpenCVE AI on June 7, 2026 at 16:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6325-1	chromium security update

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0031.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/500429259
https://nvd.nist.gov/vuln/detail/CVE-2026-10929
https://www.cve.org/CVERecord?id=CVE-2026-10929

History

Sun, 07 Jun 2026 12:15:00 +0000

Type	Values Removed	Values Added
Title	ANGLE Heap Buffer Overflow Allowing Sandbox Escape in Chrome on Android	chromium-browser: Heap buffer overflow in ANGLE
Weaknesses		CWE-120
References		https://nvd.nist.gov/vuln/detail/CVE-2026-10929 https://www.cve.org/CVERecord?id=CVE-2026-10929
Metrics	threat_severity `None`	threat_severity `Important`

Fri, 05 Jun 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google android
CPEs		cpe:2.3:a:google:chrome:::::::: cpe:2.3:o:google:android:-:::::::*
Vendors & Products		Google android

Fri, 05 Jun 2026 05:45:00 +0000

Type	Values Removed	Values Added
Title		ANGLE Heap Buffer Overflow Allowing Sandbox Escape in Chrome on Android

Fri, 05 Jun 2026 03:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 05 Jun 2026 02:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}`

Fri, 05 Jun 2026 01:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google chrome
Vendors & Products		Google Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type	Values Removed	Values Added
Description		Heap buffer overflow in ANGLE in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses		CWE-122
References		https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/500429259

Subscriptions

Google Android Chrome

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2026-06-04T23:03:43.009Z

Updated: 2026-06-05T01:40:22.900Z

Reserved: 2026-06-04T17:06:08.660Z

Link: CVE-2026-10929

Vulnrichment

Updated: 2026-06-05T01:38:28.784Z

NVD

Status : Analyzed

Published: 2026-06-04T23:16:55.323

Modified: 2026-06-05T20:10:26.850

Link: CVE-2026-10929

Redhat

Severity : Important

Publid Date: 2026-06-02T00:00:00Z

Links: CVE-2026-10929 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-07T16:30:04Z

Weaknesses

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-122
Heap-based Buffer Overflow

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object