Description
Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow in Skia within Google Chrome permits an attacker who can impact the renderer process to escape its sandbox, potentially enabling actions beyond the renderer’s restricted privileges. The CVE states that a remote attacker who has compromised the renderer process could exploit this overflow through a crafted HTML page. This high‑severity flaw is the result of a numeric overflow (CWE‑472) that undermines the browser’s isolation model.

Affected Systems

Google Chrome browsers on desktop platforms, any version prior to 150.0.7871.47. The affected component is the Skia rendering library integrated into the renderer process.

Risk and Exploitability

The CVSS score is 8.3, indicating high severity. The EPSS score is < 1%, reflecting a very low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Attack requires delivery of a crafted HTML page to a renderer process that has already been compromised or is under the attacker's influence. Exploiting the integer overflow would allow the attacker to escape the renderer sandbox, potentially enabling actions beyond the sandboxed privileges but not guaranteeing arbitrary code execution on the host.

Generated by OpenCVE AI on July 1, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 150.0.7871.47 or later, which contains the Skia integer‑overflow fix.
  • Ensure that Chrome updates automatically and install all security updates as soon as they become available.
  • Configure the browser to run with the most restrictive sandbox settings and disable any unnecessary renderer process privileges when possible.

Generated by OpenCVE AI on July 1, 2026 at 22:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 22:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Skia Enables Sandbox Escape in Chrome

Wed, 01 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 14:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Skia Enables Sandbox Escape in Chrome

Wed, 01 Jul 2026 08:30:00 +0000

Type Values Removed Values Added
Title Skia integer overflow enables sandbox escape in Google Chrome
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 01 Jul 2026 02:00:00 +0000

Type Values Removed Values Added
Title Skia integer overflow enables sandbox escape in Google Chrome

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-472
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T14:43:45.703Z

Reserved: 2026-06-29T23:03:31.002Z

Link: CVE-2026-13841

cve-icon Vulnrichment

Updated: 2026-07-01T14:43:41.119Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T22:30:16Z

Weaknesses
  • CWE-472

    External Control of Assumed-Immutable Web Parameter