Description
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient validation of untrusted input in ANGLE, the graphics abstraction layer used by Google Chrome, allows a remote attacker to potentially execute code outside the browser sandbox by serving a maliciously crafted HTML page. This weakness (CWE-20) can compromise the confidentiality, integrity, and availability of the host system. The vulnerability is triggered when an attacker delivers specially crafted content to a user of a vulnerable Chrome build, enabling a sandbox escape and possible full-system compromise.

Affected Systems

Google Chrome browsers built before version 149.0.7827.53 are affected. Users should verify their installed version and update accordingly.

Risk and Exploitability

The vulnerability carries a high severity rating. No EPSS score is available and the CVE is not listed in the CISA KEV catalog, so although the flaw is serious, exploitation in the wild has not yet been confirmed. An attacker would need to create a malicious HTML page and entice a user (or a vulnerable web page) to load it in the affected browser. The attack vector is remote, and the page could be delivered via compromised websites or phishing emails, making this a significant threat to any system running an outdated Chrome browser.

Generated by OpenCVE AI on June 5, 2026 at 03:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 149.0.7827.53 or later
  • If an immediate update is not possible, restrict the browser from loading untrusted content by configuring proxy or firewall rules to block access to known malicious hosts until the update can be applied
  • In managed environments, use Chrome management policies to enforce automatic update checks and installations so that all endpoints receive the patch as soon as it becomes available

Generated by OpenCVE AI on June 5, 2026 at 03:08 UTC.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 07:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Google; Google chrome |
| Vendors & Products | | Google; Google chrome |

Fri, 05 Jun 2026 03:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | ANGLE Input Validation Flaw Enabling Sandbox Escape in Google Chrome |

Thu, 04 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| Weaknesses | | CWE-20 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:03.791Z

Reserved: 2026-06-04T17:06:19.714Z

Link: CVE-2026-10974

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T23:17:00.623

Modified: 2026-06-04T23:17:00.623

Link: CVE-2026-10974

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T07:15:20Z

Weaknesses