Description
Integer overflow in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an integer overflow in Google Chrome’s DevTools that allows a remote attacker to execute arbitrary code inside the browser sandbox. The flaw is rated high severity because the overflow can be triggered by a specially crafted HTML page, giving an attacker the ability to run code with the privileges of the user’s browsing session.

Affected Systems

Any user running Google Chrome version 149.0.7827.53 or earlier on any platform is affected, as the flaw exists in all builds preceding the patched release.

Risk and Exploitability

Exploitation requires a victim to visit a malicious web page that drives DevTools code into the overflow scenario. The attack is remote, does not require local privilege escalation, and operates within the browser’s sandbox. EPSS data is not available and the issue is not listed in the CISA KEV catalog, yet the high CVSS score underscores the seriousness of this flaw. Attackers may use the code execution to exfiltrate data or pivot to more privileged operations.

Generated by OpenCVE AI on June 5, 2026 at 03:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 149.0.7827.53 or newer
  • Apply the Chrome policy named DeveloperToolsAvailability and configure it to "none" to block access to DevTools until the security fix lands
  • Restrict users from visiting untrusted domains that may host the crafted HTML payload, and educate them to avoid opening unknown web content

Generated by OpenCVE AI on June 5, 2026 at 03:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Fri, 05 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Chrome DevTools Enables Remote Code Execution

Fri, 05 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Integer overflow in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-472
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T00:21:09.815Z

Reserved: 2026-06-04T17:06:17.438Z

Link: CVE-2026-10965

cve-icon Vulnrichment

Updated: 2026-06-05T00:18:07.451Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-04T23:16:59.610

Modified: 2026-06-05T15:33:33.710

Link: CVE-2026-10965

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T06:15:33Z

Weaknesses