Description
Bad cast in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an improper cast in the Dawn rendering engine, leading to an out‑of‑bounds read (CWE‑125) and type misuse causing undefined behavior (CWE‑843). This flaw allows a remote attacker to craft an HTML page that, when opened in Chrome, grants arbitrary code execution inside the browser’s sandbox. The attack can compromise the confidentiality, integrity, or availability of the sandboxed process, and potentially elevate to full system compromise if the sandbox is bypassed.

Affected Systems

This issue affects Google Chrome browsers version 149.0.7827.x and earlier on all supported operating systems, including Windows, macOS, and Linux. The vulnerability does not exist in newer releases of Chrome that include the patch contained in version 149.0.7827.53.

Risk and Exploitability

The CVSS score is 8.8, indicating high severity. The EPSS score is <1%, indicating low but non‑zero exploitation probability. The vulnerability is not listed in CISA’s KEV catalog, suggesting it has not yet been widely exploited. An attacker would need to trick a user into opening a malicious HTML page in the vulnerable version of Chrome; thus the attack vector is likely web‑based. Once triggered, arbitrary code executes within the sandboxed renderer process, which could facilitate further exploitation by leveraging the out‑of‑bounds read (CWE‑125) and type confusion (CWE‑843) in Dawn.

Generated by OpenCVE AI on June 7, 2026 at 15:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 149.0.7827.53 or later.
  • Ensure automatic updates are enabled so future patches are applied promptly.
  • Restrict access to untrusted HTML content by configuring Chrome’s Safe Browsing or content filtering features until the browser is updated.

Generated by OpenCVE AI on June 7, 2026 at 15:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6325-1 chromium security update
History

Sun, 07 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Dawn Out‑of‑Bounds Cast Causing Remote Code Execution in Chrome chromium-browser: Out of bounds read in Dawn
Weaknesses CWE-843
References
Metrics threat_severity

None

 threat_severity

Moderate

Sat, 06 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Fri, 05 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Title Dawn Out‑of‑Bounds Cast Causing Remote Code Execution in Chrome

Fri, 05 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Bad cast in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-125
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-06T03:56:29.156Z

Reserved: 2026-06-04T17:06:44.671Z

Link: CVE-2026-11077

cve-icon Vulnrichment

Updated: 2026-06-05T00:40:27.286Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-04T23:17:12.410

Modified: 2026-06-06T01:39:52.157

Link: CVE-2026-11077

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-02T00:00:00Z

Links: CVE-2026-11077 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-07T15:30:04Z

Weaknesses
  • CWE-125

    Out-of-bounds Read

  • CWE-843

    Access of Resource Using Incompatible Type ('Type Confusion')