Description
Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow (CWE‑472) in the Chromecast component of Google Chrome can be triggered by a crafted HTML page that an attacker supplies after having already compromised the renderer process. The overflow occurs when bounds checking on cast command data is insufficient, allowing memory corruption that can break the browser’s sandbox and potentially lead to remote code execution. The flaw is marked as High severity by the Chromium team, indicating that exploitation could result in significant loss of confidentiality, integrity, and availability of the victim’s system.

Affected Systems

Google Chrome versions older than 150.0.7871.47 on all supported operating systems are affected. Users still running stable channel releases before that version must verify whether the Chromecast component has been patched, as the vulnerability resides specifically in that component.

Risk and Exploitability

The EPSS score is not available and the flaw is not listed in the CISA KEV catalog. Exploitation requires a prior compromise of the renderer process; after that, a malicious HTML page can trigger the integer overflow. Because the attack is limited to browsers that retain the unpatched Chromecast code, the risk is elevated for systems remaining on older releases. The high severity rating and potential sandbox escape underscore a significant impact if the flaw were actively exploited.

Generated by OpenCVE AI on July 1, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Google Chrome 150.0.7871.47 or later, which includes the bounds‑checking fix that resolves the CWE‑472 overflow.
  • If a patch cannot be applied immediately, disable the Chromecast feature through Chrome settings, flags, or group policy to remove the vulnerable code path and mitigate exposure to integer overflows.
  • Ensure that Chrome runs with the most restrictive sandbox settings and that the operating system enforces strict process isolation; this limits the damage an attacker can cause if an integer overflow occurs, consistent with mitigation guidelines for CWE‑472.

Generated by OpenCVE AI on July 1, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 15:00:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Chromecast Enables Potential Sandbox Escape

Wed, 01 Jul 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 01 Jul 2026 05:00:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Chromecast Enables Potential Sandbox Escape

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-472
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T15:31:04.925Z

Reserved: 2026-06-29T23:03:21.105Z

Link: CVE-2026-13801

cve-icon Vulnrichment

Updated: 2026-07-01T15:30:45.731Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T14:45:16Z

Weaknesses
  • CWE-472

    External Control of Assumed-Immutable Web Parameter