Description
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-17
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a race condition in Chrome’s Safe Browsing subsystem on macOS that can allow a remote attacker who has already compromised the renderer process to escape the sandbox through a specially crafted HTML page. This race condition can lead to uncontrolled execution of code outside the sandbox, effectively resulting in local privilege escalation or remote code execution, depending on the context. The flaw is identified as CWE-362 and CWE-368.

Affected Systems

Affected systems are Google Chrome browsers running on macOS with versions prior to 149.0.7827.155. The issue stems from the Safe Browsing implementation and is specific to the macOS build of Chrome. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS score of 8.3 indicates a high-risk flaw while the EPSS score of less than 1% suggests that exploitation may be rare. The flaw is not in CISA’s KEV catalog, so no publicly known exploits are listed. It is identified as CWE‑362 (Race Condition) and CWE‑368 (Operation With Unusual Precondition). The likely attack vector requires the attacker to first gain remote code execution or significant control within the renderer process, which is difficult but not impossible. Once that condition is met, the race in Safe Browsing can be triggered by loading adversarial content to escape the sandbox.

Generated by OpenCVE AI on June 19, 2026 at 13:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install or upgrade Chrome to version 149.0.7827.155 or later to receive the Safe Browsing race condition fix.
  • Disable or tightly whitelist Chrome extensions to prevent arbitrary content from reaching the renderer process.
  • Keep macOS updated and review the browser’s sandbox settings to minimize the impact of any renderer compromise.

Generated by OpenCVE AI on June 19, 2026 at 13:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6351-1 chromium security update
History

Fri, 19 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Race Condition in Chrome’s Safe Browsing Allows Potential Sandbox Escape on macOS chromium-browser: chromium-browser: Race in Safe Browsing
Weaknesses CWE-368
References
Metrics threat_severity

None

threat_severity

Important


Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Race Condition in Chrome’s Safe Browsing Allows Potential Sandbox Escape on macOS

Wed, 17 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 07:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Description Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-362
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-18T03:55:26.694Z

Reserved: 2026-06-16T19:38:29.283Z

Link: CVE-2026-12454

cve-icon Vulnrichment

Updated: 2026-06-17T13:05:24.153Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-17T01:38:18Z

Links: CVE-2026-12454 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T13:45:05Z

Weaknesses
  • CWE-362

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  • CWE-368

    Context Switching Race Condition