Description
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-11
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Inappropriate implementation in DevTools allows a remote attacker who has already compromised the renderer process to potentially escape the sandbox by loading a crafted HTML page. The vulnerability is classified as High severity by Chromium and enables an attacker to gain higher privileges than the sandbox permits, potentially executing arbitrary code on the host system.

Affected Systems

Google Chrome versions prior to 149.0.7827.115 are affected. Users should verify their installed Chrome version and upgrade if older than this release.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. However, the high severity rating implies significant risk for systems exposed to untrusted web content. Exploitation requires a remote attacker who has already compromised the renderer process and then delivers a crafted HTML page, likely through a malicious website or local exploitation combined with a web interface. The absence of a CVSS score limits precise numerical risk assessment, but the known high severity suggests that exploitation could lead to privilege escalation.

Generated by OpenCVE AI on June 11, 2026 at 22:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 149.0.7827.115 or later to obtain the vendor patch.
  • Restrict the execution of untrusted HTML content by disabling or restricting DevTools features in heavily guarded environments.
  • As a temporary measure, consider disabling DevTools in Chrome via group policy or enterprise settings until an official update is applied.



Advisories

No advisories yet.

History

Thu, 11 Jun 2026 23:00:00 +0000

Type | Values Removed | Values Added
Title | | Remote Sandbox Escape via DevTools in Google Chrome

Thu, 11 Jun 2026 22:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Thu, 11 Jun 2026 21:30:00 +0000

Type | Values Removed | Values Added
Description | | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses | | CWE-20
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-11T20:48:08.143Z

Reserved: 2026-06-11T18:16:04.807Z

Link: CVE-2026-12016

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-11T22:16:54.157

Modified: 2026-06-11T22:16:54.157

Link: CVE-2026-12016

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T22:45:05Z

Weaknesses
  • CWE-20: Improper Input Validation