Description
Insufficient validation of untrusted input in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Glic within Google Chrome allows an attacker to supply crafted HTML that is insufficiently validated, which can lead to a sandbox escape. This weakness could enable the attacker to break out of the browser sandbox and run arbitrary code on the host system, compromising confidentiality, integrity and availability of the affected machine. The Chromium team has categorized the vulnerability as high severity.

Affected Systems

Google Chrome users on versions older than 150.0.7871.47 are affected. This includes stable channel releases in the 150.x series that have not been updated to 150.0.7871.47 or a newer revision.

Risk and Exploitability

The CVSS score is not provided, but the Chromium security severity is listed as high. EPSS data is unavailable and the vulnerability is not in the CISA KEV catalog. The likely attack vector involves a remote attacker delivering a malicious HTML page to a victim, which is then rendered by the browser. If exploited, the sandbox escape could result in the execution of arbitrary code with user‑level privileges or greater. Given the lack of public exploitation evidence, the exact likelihood is uncertain, but the high severity designation warrants prompt action.

Generated by OpenCVE AI on July 1, 2026 at 00:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or later to apply the vendor‑supplied fix.
  • If an immediate upgrade is not possible, restrict the browser’s ability to load untrusted HTML content by disabling JavaScript or using a trusted‑perimeter mode where feasible.
  • Continuously monitor Google’s release notes and apply security updates promptly to mitigate any future exposure.

Generated by OpenCVE AI on July 1, 2026 at 00:43 UTC.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 01:00:00 +0000

Type | Values Removed | Values Added
Title | | Chrome Sandbox Escape via Insufficient Input Validation

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Insufficient validation of untrusted input in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses | | CWE-20
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:44.045Z

Reserved: 2026-06-29T23:03:24.969Z

Link: CVE-2026-13817

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T00:45:15Z

Weaknesses
  • CWE-20: Improper Input Validation