Description
Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Published: 2026-06-30
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a type confusion bug in the Dawn rendering engine of Google Chrome that can allow a maliciously crafted HTML page, when processed by a compromised renderer process, to escape the browser sandbox and potentially execute arbitrary code outside the browser's security boundaries. The defect was rated as Critical by Chromium's security team.

Affected Systems

Google Chrome browsers on all platforms, up to and including versions prior to 150.0.7871.47, that use the Dawn engine are affected. No further version granularity or platform details are provided.

Risk and Exploitability

The CVSS score is not listed, but Chromium classified the issue as Critical. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, indicating no known public exploit at the time of this report. The exploitation scenario requires a remote attacker with some degree of control over the renderer process to craft a malicious HTML document to trigger the type confusion and escape the sandbox.

Generated by OpenCVE AI on July 1, 2026 at 08:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 150.0.7871.47 or newer to apply the authoritative fix for the type confusion bug.
  • Confirm that Chrome’s sandboxing mechanisms remain enabled and are not disabled by policy or configuration.
  • If an immediate upgrade is not possible, isolate Chrome by running it in a restricted Sandboxed environment and avoid rendering untrusted HTML or files until a patch is available.

Generated by OpenCVE AI on July 1, 2026 at 08:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 01 Jul 2026 08:45:00 +0000

Type Values Removed Values Added
Title Chrome Dawn Type Confusion Leading to Sandbox Escape

Wed, 01 Jul 2026 05:00:00 +0000

Type Values Removed Values Added
Title Remote Sandbox Escape via Type Confusion in Chrome Dawn Rendering Engine

Wed, 01 Jul 2026 00:45:00 +0000

Type Values Removed Values Added
Title Remote Sandbox Escape via Type Confusion in Chrome Dawn Rendering Engine

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Weaknesses CWE-843
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:28.248Z

Reserved: 2026-06-29T23:03:14.295Z

Link: CVE-2026-13776

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T10:00:45Z

Weaknesses
  • CWE-843

    Access of Resource Using Incompatible Type ('Type Confusion')