Description
Insufficient data validation in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient data validation in the Storage component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The weakness is classified as a heap-based buffer overflow (CWE‑122), which can lead to execution of arbitrary code with elevated privileges and potentially full system compromise.

Affected Systems

All instances of Google Chrome running versions older than 150.0.7871.47 are affected, regardless of the operating system, as the flaw resides in the cross‑process storage handling that is common to all builds.

Risk and Exploitability

The CVSS score is not published, and the EPSS score is unavailable, but the Chromium team has classified the issue as medium severity. Because the flaw requires a renderer compromise, an attacker would first need to supply malicious web content that bypasses content‑security controls. No known public exploits exist, and the vulnerability is not listed in the CISA KEV catalog. The risk is moderate, and effective mitigation is to update Chrome to the fixed version.

Generated by OpenCVE AI on July 1, 2026 at 02:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Chrome version 150.0.7871.47 or later
  • Configure Chrome to enforce automatic updates so that future patches are applied promptly
  • If updating is not immediately possible, minimize exposure by disabling or restricting renderer processes for untrusted web content

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 03:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Buffer Overflow in Chrome Storage Allows Sandbox Escape |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Insufficient data validation in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) |
| Weaknesses | | CWE-122 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:42.474Z

Reserved: 2026-06-29T23:04:06.315Z

Link: CVE-2026-13976

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T02:45:03Z

Weaknesses
  • CWE-122: Heap-based Buffer Overflow