Description
Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Chrome’s Dawn rendering engine on Android has insufficiently validated untrusted input in versions prior to 150.0.7871.47, which could allow a remote attacker who already has control of the renderer process to craft an HTML page that triggers a sandbox escape. If successful, the attacker could execute code with higher privileges than the renderer normally has. This impact is inferred because the description states a potential escape rather than a guaranteed code execution, so the precise consequences depend on the success of the exploit but could be severe.

Affected Systems

Google Chrome for Android versions earlier than 150.0.7871.47 are affected.

Risk and Exploitability

The vulnerability is classified by Chromium as Medium severity. No EPSS score is available and it is not listed in the CISA KEV catalog. Exploitation requires the attacker already to have compromised the renderer process and to serve a malicious HTML page to the victim. The attack vector is remote, but it is limited to users who access compromised content while using an outdated Chrome installation. Because the outcome is a potential sandbox escape, the risk is significant but depends on the success of the exploit.

Generated by OpenCVE AI on July 1, 2026 at 02:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome on Android to 150.0.7871.47 or later
  • Enable Chrome’s automatic update feature to receive security patches promptly
  • Configure Safe Browsing or a reputable anti‑malware tool to block known malicious sites

Generated by OpenCVE AI on July 1, 2026 at 02:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 03:15:00 +0000

Type Values Removed Values Added
Title Sandbox Escape Vulnerability in Chrome's Dawn Engine on Android

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-20
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:26.884Z

Reserved: 2026-06-29T23:03:55.887Z

Link: CVE-2026-13934

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T03:00:12Z

Weaknesses
  • CWE-20

    Improper Input Validation