Description
Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient policy enforcement in the Chrome sandbox on Linux allows a remote attacker to reach a state in which code may execute with the privileges of the browser process by serving a crafted HTML page. The CVE description indicates a potential sandbox escape, but does not explicitly state what assets may be accessed or what actions can be performed once the sandbox is bypassed. Therefore the known impact is the loss of sandbox containment, with the actual consequences remaining undefined by the available data.

Affected Systems

Google Chrome running on Linux systems with stable‑channel builds earlier than version 149.0.7827.53 is affected. All Linux distributions that use the standard Chrome release channel before this update are vulnerable.

Risk and Exploitability

The vulnerability is marked as low severity by Chromium, and no EPSS metric is available. It is not listed in the CISA KEV catalog, indicating no widespread exploitation has been reported. The likely attack vector involves a remote attacker hosting a malicious HTML page that a victim must load, such as through phishing or social engineering. Because the analysis does not provide evidence of any direct exploitation code, the risk is considered low pending patch deployment.

Generated by OpenCVE AI on June 5, 2026 at 01:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.53 or newer on all Linux machines.
  • Restrict exposure to untrusted HTML content by disabling JavaScript or applying strict content security policies for sites that are not verified.
  • Monitor browser activity and system logs for unexpected privilege escalation or abnormal process behavior that may indicate a sandbox escape attempt.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 01:45:00 +0000

Type | Values Removed | Values Added
Title | - | Sandbox Escape Vulnerability in Google Chrome on Linux
Weaknesses | - | CWE-284

Fri, 05 Jun 2026 01:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | - | Google; Google chrome
Vendors & Products | - | Google; Google chrome

Thu, 04 Jun 2026 23:45:00 +0000

Type | Values Removed | Values Added
Description | - | Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:06:17.283Z

Reserved: 2026-06-04T17:11:14.516Z

Link: CVE-2026-11282

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-05T00:17:05.537

Modified: 2026-06-05T00:17:05.537

Link: CVE-2026-11282

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T01:30:25Z

Weaknesses