Description
Use after free in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use-after-free bug in the ANGLE component of Google Chrome versions earlier than 150.0.7871.47. An attacker who has already compromised the renderer process can use a specially crafted HTML page to trigger the flaw, potentially escaping the browser sandbox and achieving arbitrary code execution. This flaw is classified as CWE-416.

Affected Systems

Google Chrome affected versions are any releases before 150.0.7871.47. The issue is only exploitable in contexts where the attacker can inject crafted HTML into the renderer process; no other external attack surfaces are noted in the description.

Risk and Exploitability

The CVE carries a low Chromium severity rating and is not listed in the CISA KEV catalog, indicating no widespread exploitation to date. The EPSS score is not available, so the estimated probability of exploitation remains uncertain but likely low. The likely attack vector is a malicious HTML page rendered in a compromised renderer process, as inferred from the description. Once the exploit is triggered, sandbox escape could allow the attacker to perform actions with the renderer’s privileges, potentially compromising the host system.

Generated by OpenCVE AI on July 1, 2026 at 02:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later
  • Ensure that automatic updates are enabled on all affected machines to receive future fixes promptly
  • As a temporary mitigator, restrict execution of untrusted local HTML files or disable the ANGLE renderer through Chrome flags or enterprise policies until the patch is applied

Generated by OpenCVE AI on July 1, 2026 at 02:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:30:00 +0000

Type Values Removed Values Added
Title Use-After-Free in ANGLE Enables Sandbox Escape

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Weaknesses CWE-416
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:06.977Z

Reserved: 2026-06-29T23:11:30.734Z

Link: CVE-2026-14044

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T02:15:07Z

Weaknesses