Description
Integer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: High)
Published: 2026-06-04
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow occurs in the Media component of Google Chrome, allowing a remote attacker to execute arbitrary code inside the browser sandbox. The flaw is triggered by a malicious file and is classified as high severity by Chromium security. If exploited, the attacker can bypass the sandbox and run code with the privileges of the browser process.

Affected Systems

All users running Google Chrome versions earlier than 149.0.7827.53 are affected. This includes the stable channel releases prior to the update announced in June 2026.

Risk and Exploitability

The exploit requires a remote attacker to supply a crafted media file that causes the overflow. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, but the high severity rating (CVSS 8.8) and the ability to escape sandbox isolation indicate a significant security risk. Because the flaw leads to arbitrary code execution, the attacker could potentially compromise the underlying operating system if additional privilege escalation steps are successful.

Generated by OpenCVE AI on June 5, 2026 at 05:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 149.0.7827.53 or later, which contains the fix for the integer overflow.
  • Ensure that automatic updates are enabled so the browser remains up to date with security patches.
  • If an update is not immediately available, avoid opening or executing suspicious media files and consider using a different browser that has already addressed the issue.

Generated by OpenCVE AI on June 5, 2026 at 05:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 06:00:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Chrome Media Allows Arbitrary Code Execution

Fri, 05 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Chrome Media Allows Arbitrary Code Execution

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Integer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: High)
Weaknesses CWE-472
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T01:50:49.781Z

Reserved: 2026-06-04T17:06:22.607Z

Link: CVE-2026-10986

cve-icon Vulnrichment

Updated: 2026-06-05T01:50:31.995Z

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:01.980

Modified: 2026-06-05T02:17:03.303

Link: CVE-2026-10986

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T05:45:33Z

Weaknesses