Description
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Chrome’s ANGLE component performed insufficient input validation on untrusted data, enabling a compromised renderer process to break out of its sandbox and potentially execute arbitrary code on the host. The vulnerability allows an attacker who can supply a specially crafted HTML page to a renderer to use that misvalidation to escape the rendering environment.

Affected Systems

All users running Google Chrome desktop versions earlier than 150.0.7871.47 are affected. The flaw resides in the renderer process; the vulnerability is specific to the ANGLE graphics layer used by these releases.

Risk and Exploitability

The CVE is rated high severity by Chromium security, but no EPSS information is currently available. The flaw requires a remote attacker to provide malicious input to the renderer, typically by hosting a crafted web page. Because the attacker must first compromise the renderer process, the attack surface is limited compared to broader remote code execution vectors. The vulnerability is not listed in CISA’s KEV catalog, indicating no confirmed widespread exploitation at this time.

Generated by OpenCVE AI on July 1, 2026 at 00:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later.
  • Adjust Chrome policies or flags to restrict rendering of untrusted HTML content where possible.
  • Monitor network traffic for unusual renderer activity and enforce web content filtering to block known malicious sites.

Generated by OpenCVE AI on July 1, 2026 at 00:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
Title ANGLE Input Validation Exploit Enables Sandbox Escape in Chrome

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-20
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:50.343Z

Reserved: 2026-06-29T23:03:29.242Z

Link: CVE-2026-13834

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T00:45:15Z

Weaknesses
  • CWE-20

    Improper Input Validation