Description
Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-17
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a race condition in Chrome’s updater on macOS versions prior to 149.0.7827.155. A remote attacker who has already compromised the renderer process can trick the browser into escaping its sandbox by loading a specially crafted HTML page. This attack could allow malicious code to run with elevated system privileges, representing a high‑severity vulnerability.

Affected Systems

Google Chrome on macOS, any build before version 149.0.7827.155. The affected releases are those that run the vulnerable updater component on the Mac operating system.

Risk and Exploitability

The CVSS score of 8.3 indicates high severity, and the EPSS score (< 1%) suggests a very low probability that this flaw will be actively exploited in the wild. It is not listed in CISA’s KEV catalog. However, the vulnerability could lead to remote code execution if an attacker controls the renderer process. The attack vector requires the attacker to first gain a foothold in the browser’s renderer, then deliver a malicious HTML payload that triggers the race condition in the updater component. Because the flaw is tied to a race condition, successful exploitation depends on timing and the precise state of the updater during the browser’s operation. Organizations using older Chrome releases on macOS should treat this as a priority to patch.

Generated by OpenCVE AI on June 18, 2026 at 23:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome on macOS to version 149.0.7827.155 or later immediately.
  • Ensure automatic Chrome updates are enabled so future patches are applied without manual intervention.
  • As a temporary safeguard, enforce strict content security policies or monitor for unusual untrusted HTML content until the upgrade can be deployed.

Generated by OpenCVE AI on June 18, 2026 at 23:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6351-1 chromium security update
History

Fri, 19 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title Race Condition in Chrome Updater Allows Sandbox Escape on macOS

Thu, 18 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Race Condition in Chrome Updater May Enable Remote Sandbox Escape on macOS
Weaknesses CWE-269

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Race Condition in Chrome Updater May Enable Remote Sandbox Escape on macOS
Weaknesses CWE-269
CWE-362
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 17 Jun 2026 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Description Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-18T03:55:32.162Z

Reserved: 2026-06-16T19:38:34.174Z

Link: CVE-2026-12468

cve-icon Vulnrichment

Updated: 2026-06-17T13:21:45.361Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T00:00:06Z

Weaknesses
  • CWE-362

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')