Description
Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds read in the DevTools component of Google Chrome allowed an attacker to execute arbitrary code within the browser’s sandbox by loading a specially crafted HTML page. The flaw arises from improper bounds checking and permits code execution inside the sandboxed context.

Affected Systems

The vulnerability affects Google Chrome installations before version 149.0.7827.53. Users running earlier stable releases are potentially exposed if they open malicious HTML pages.

Risk and Exploitability

The attack vector is remote, delivered via a crafted web page that exploits an out-of-bounds read in DevTools. No official EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The Chromium security severity is Low, suggesting a lower likelihood of high‑impact exploitation. Even so, the flaw enables remote code execution inside the browser’s sandbox, warranting prompt action. The CVSS score is 8.8, indicating a high severity.

Generated by OpenCVE AI on June 5, 2026 at 05:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 149.0.7827.53 or later using the official stable channel update.
  • Ensure automatic updates are enabled so that the browser receives security patches promptly.
  • If an update cannot be applied immediately, avoid opening unknown or untrusted HTML files and restrict access to DevTools using policy settings where possible.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 05:45:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read Leading to Remote Code Execution via DevTools

Fri, 05 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 05 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read Leading to Remote Code Execution via DevTools

Fri, 05 Jun 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 04 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Description Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
Weaknesses CWE-125
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T00:40:28.677Z

Reserved: 2026-06-04T17:11:13.644Z

Link: CVE-2026-11279

Vulnrichment

Updated: 2026-06-05T00:40:09.454Z

NVD

Status: Undergoing Analysis

Published: 2026-06-05T00:17:05.140

Modified: 2026-06-05T15:02:34.977

Link: CVE-2026-11279

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T05:30:32Z

Weaknesses