Description
Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-08
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition exists in the network process of Google Chrome on macOS when a remote attacker already controls the network process. The flaw allows the attacker to execute arbitrary code beyond the sandbox by delivering a specially crafted HTML page. This can lead to full system compromise. The weakness is identified as CWE‑362, a concurrent execution issue. Based on the Chromium severity, it is considered high risk.

Affected Systems

The vulnerability affects Google Chrome for macOS versions prior to 149.0.7827.103. All users running those releases are potentially at risk until they update to the referenced release or later.

Risk and Exploitability

The exploitation path requires that an attacker first gain control of Chrome’s network process, after which the crafted HTML triggers a race that breaks out of the sandbox. Although EPSS data is unavailable and the issue is not listed in CISA's KEV catalog, the high Chromium severity and the CVSS score of 8.3 highlight a significant potential impact if exploited, with the nature of a sandbox escape indicating elevated risk. Attackers could leverage this flaw remotely by delivering malicious content over a compromised network channel.

Generated by OpenCVE AI on June 9, 2026 at 12:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to 149.0.7827.103 or newer.
  • Enable automatic updates for Chrome and keep macOS on the latest security patch level.
  • Restrict or remove third‑party extensions that may interact with network content, and use firewall rules or a proxy to block suspicious HTML from untrusted origins.

Generated by OpenCVE AI on June 9, 2026 at 12:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 09 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Title Race Condition in Chrome’s Network Process Enables Sandbox Escape on macOS

Tue, 09 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Title Race Condition in Chrome’s Network Process Enables Sandbox Escape on macOS

Tue, 09 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Mon, 08 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Description Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-362
References

Subscriptions

Apple Macos
Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-10T03:58:26.151Z

Reserved: 2026-06-08T21:33:49.804Z

Link: CVE-2026-11677

cve-icon Vulnrichment

Updated: 2026-06-09T10:48:31.771Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-09T00:16:50.987

Modified: 2026-06-09T14:52:44.670

Link: CVE-2026-11677

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T13:00:05Z

Weaknesses