Description
Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a type‑confusion bug in ANGLE, a graphics abstraction layer used by Google Chrome. A maliciously crafted HTML page can cause the browser to misinterpret object types, potentially allowing the attacker to perform a sandbox escape. The defect is identified as a Medium severity issue by Chromium.

Affected Systems

Google Chrome browsers older than version 150.0.7871.47 on the stable channel desktop edition are potentially vulnerable. No evidence suggests other vendors or product lines are affected.

Risk and Exploitability

The flaw can be triggered by a remote attacker via a specially crafted HTML page. No CVSS or EPSS score is published, and it is not listed in the CISA KEV catalog. The release notes indicate a Medium severity rating in Chromium; however, the specific impact remains a sandbox escape, which can elevate privileges from the browser process. This represents a meaningful risk if conditions are met.

Generated by OpenCVE AI on July 1, 2026 at 05:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Google Chrome version 150.0.7871.47 or newer to contain the type‑confusion bug
  • If an upgrade is not immediately possible, enforce content‑security policies or disable inline scripting to limit the execution of untrusted HTML that could trigger the flaw
  • Avoid opening or loading unknown or suspicious web pages that may contain crafted HTML designed to exploit ANGLE

Generated by OpenCVE AI on July 1, 2026 at 05:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 06:15:00 +0000

Type Values Removed Values Added
Title ANGLE Type Confusion Leading to Sandbox Escape in Google Chrome

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-843
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:08.187Z

Reserved: 2026-06-29T23:03:41.575Z

Link: CVE-2026-13883

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T06:00:08Z

Weaknesses
  • CWE-843

    Access of Resource Using Incompatible Type ('Type Confusion')