Description
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An input validation flaw in ANGLE, the graphics abstraction layer used by Chrome, allows a compromised renderer process to craft data that bypasses sandbox bounds. The flaw is a classic boundary check error (CWE‑20). If exploited, the attacker could escape the renderer sandbox and execute code with higher privileges, potentially compromising the user’s system.

Affected Systems

Google Chrome versions prior to 150.0.7871.47. The vulnerability is present in all installations that use ANGLE without the recent patch. The affected component is the renderer process that handles web content.

Risk and Exploitability

The Chromium security team rated the issue as critical, but no EPSS score is available and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to already control or influence the renderer process, typically through malicious web content or a compromised extension. The opportunity for a full sandbox escape would grant code execution outside the renderer, enabling further system compromise.

Generated by OpenCVE AI on July 1, 2026 at 00:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 150.0.7871.47 or a newer release that includes the ANGLE input validation fix.
  • Disable or remove untrusted extensions that could allow a renderer process compromise, and only grant permissions to trusted extensions.
  • Configure Chrome’s sandbox settings via enterprise policy to enforce additional restrictions on renderer processes, if available.
  • Monitor endpoints for anomalous renderer behavior or sandbox escape attempts, and keep security software up‑to‑date.

Generated by OpenCVE AI on July 1, 2026 at 00:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 00:45:00 +0000

Type Values Removed Values Added
Title ANGLE Input Validation Leading to Sandbox Escape in Chrome

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Weaknesses CWE-20
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:30.005Z

Reserved: 2026-06-29T23:03:15.773Z

Link: CVE-2026-13780

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T00:30:06Z

Weaknesses
  • CWE-20

    Improper Input Validation