Description
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-08
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An inappropriate implementation in the Views component of Google Chrome on Linux can allow a remote attacker who has already compromised the renderer process to potentially escape the sandbox by serving a specially crafted HTML page. A successful escape would let the attacker act outside the restrictions the sandbox places on the renderer on the victim's machine. Chromium rates this flaw as High severity.

Affected Systems

All Chrome installations on Linux running a version prior to 149.0.7827.103 are affected. The flaw is in the Views component; the renderer, which processes HTML content, is the process the attacker must already control.

Risk and Exploitability

The CVSS score is 8.3 (High) and the EPSS score is below 1% (Very Low); Chromium rates the severity as High. The flaw is not listed in CISA's KEV catalog. Exploitation requires delivering crafted HTML, and the attacker must first have compromised the renderer process. Consequently, exploitation is non-trivial and depends on that precondition being met.

Generated by OpenCVE AI on June 9, 2026 at 12:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.103 or newer on all Linux machines
  • Apply Linux mandatory access control frameworks such as AppArmor or SELinux to further restrict the Chrome renderer
  • Configure Chrome to block or restrict loading of potentially malicious HTML and verify content‑security settings

Generated by OpenCVE AI on June 9, 2026 at 12:51 UTC.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Title Potential Sandbox Escape via Crafted HTML in Chrome on Linux

Tue, 09 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Title Potential Sandbox Escape via Crafted HTML in Chrome on Linux

Tue, 09 Jun 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Mon, 08 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-20
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-09T10:50:14.287Z

Reserved: 2026-06-08T21:33:51.666Z

Link: CVE-2026-11682

Vulnrichment

Updated: 2026-06-09T10:50:10.832Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T00:16:51.573

Modified: 2026-06-09T11:16:49.543

Link: CVE-2026-11682

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T13:00:05Z

Weaknesses