Description
Integer overflow in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

ANGLE, a platform abstraction layer within Chrome, contains an integer overflow flaw (CWE-472) that can be triggered by a crafted HTML page. When a renderer process is already compromised, exploiting this overflow may allow the attacker to escape the browser sandbox and execute arbitrary code on the host system. The vulnerability’s primary consequence is the potential loss of confidentiality, integrity, and availability of the victim’s machine.

Affected Systems

All users running Google Chrome versions earlier than 149.0.7827.53 are affected. The flaw resides in the ANGLE component and is present in the stable channel of Chrome prior to that specific revision.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating that current exploitation data is limited. Nevertheless, the attack requires the execution of a crafted HTML page and prior compromise of the renderer process, implying that the threat is primarily relevant to environments where such code could be delivered and the renderer is exposed. The Chromium severity of Medium indicates a notable potential impact. The absence of a publicly known exploit reduces immediate risk, but the potential impact warrants prompt action.

Generated by OpenCVE AI on June 5, 2026 at 04:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.53 or later to receive the ANGLE integer overflow fix.
  • If updating is not immediately possible, disable GPU hardware acceleration or ANGLE usage by launching Chrome with the flags --disable-gpu and --disable-angle to eliminate the vulnerable code path.
  • Continue to patch underlying operating system and browser components, and monitor for any browser extensions or untrusted content that may attempt to exploit renderer processes.

Generated by OpenCVE AI on June 5, 2026 at 04:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 05:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
Title Integer Overflow in ANGLE Enables Sandbox Escape in Chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Integer overflow in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-472
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:51.501Z

Reserved: 2026-06-04T17:06:47.336Z

Link: CVE-2026-11088

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:13.690

Modified: 2026-06-04T23:17:13.690

Link: CVE-2026-11088

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T05:30:32Z

Weaknesses