Description
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-04
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the way Google Chrome enforces policy on Web Bluetooth allows an attacker who has already compromised the renderer process to escape the sandbox. The vulnerability involves improper validation of the Bluetooth device's access permissions (CWE‑602) and missing authorization controls (CWE‑280), leading to potential privilege escalation. Once the sandbox is breached, the attacker can execute arbitrary code with the renderer process’s privileges. Chromium reviewers rated the defect as low severity, indicating that while the technical impact is significant, the conditions for exploitation are restrictive.

Affected Systems

The issue affects the Google Chrome browser on desktop platforms. All versions prior to 149.0.7827.53 are susceptible, as the fix was implemented in that release. The vulnerability is present in the Web Bluetooth implementation used by Chrome's renderer process.

Risk and Exploitability

Exploitation requires an attacker to have already compromised the renderer process or otherwise subvert Chrome's sandbox. The CVSS score of 8.3 indicates a high severity, while the EPSS score of <1% and the absence from the CISA KEV catalog suggest a low probability of widespread exploitation. However, once the sandbox is breached, the attacker can execute arbitrary code with the renderer process’s privileges. The primary attack vector is inferred to be a crafted web page that leverages the Web Bluetooth API, requiring the victim to interact with it in a browser run by Chrome.

Generated by OpenCVE AI on June 7, 2026 at 16:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.53 or later, which contains the policy enforcement fix.
  • Disable Web Bluetooth in Chrome by setting the appropriate enterprise policy or toggling the flag in chrome://flags to prevent the API from being available.
  • Block or restrict Bluetooth adapter usage on the host, for example by turning off Bluetooth or applying system firewall rules to block BLE traffic.

Generated by OpenCVE AI on June 7, 2026 at 16:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6325-1 chromium security update
History

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Sun, 07 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Web Bluetooth Policy Failure Enables Sandbox Escape in Chrome chromium-browser: Insufficient policy enforcement in Web Bluetooth
Weaknesses CWE-280
References
Metrics threat_severity

None

 threat_severity

Low

Fri, 05 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Title Web Bluetooth Policy Failure Enables Sandbox Escape in Chrome

Fri, 05 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Title Chrome Web Bluetooth Policy Flaw Allows Sandbox Escape
Weaknesses CWE-269
CWE-284

Fri, 05 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-602
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 06:00:00 +0000

Type Values Removed Values Added
Title Chrome Web Bluetooth Policy Flaw Allows Sandbox Escape
Weaknesses CWE-269
CWE-284

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T13:25:39.587Z

Reserved: 2026-06-04T17:10:59.275Z

Link: CVE-2026-11236

cve-icon Vulnrichment

Updated: 2026-06-05T13:25:35.187Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-04T23:17:31.533

Modified: 2026-06-09T18:42:40.817

Link: CVE-2026-11236

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-02T00:00:00Z

Links: CVE-2026-11236 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-07T16:45:04Z

Weaknesses
  • CWE-280

    Improper Handling of Insufficient Permissions or Privileges

  • CWE-602

    Client-Side Enforcement of Server-Side Security