Description
Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Google Chrome versions prior to 150.0.7871.47 contain insufficient policy enforcement in the Browser. A remote attacker who has already compromised the renderer process can load a specially crafted HTML page and potentially escape the renderer sandbox. This could allow the attacker to interact with resources outside the sandbox boundary, undermining confinement.

Affected Systems

The affected product is Google Chrome. Any installation running a Chrome version older than 150.0.7871.47 is potentially vulnerable. No further version detail is supplied; the issue applies to all releases prior to the mentioned patch level.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation currently. Chromium labels the severity low, reflecting that exploitation requires a pre-existing compromise of the renderer process and the delivery of malicious HTML. This attack path is inferred from the description: the attacker must first compromise a renderer process, and that compromised renderer then processes a crafted HTML page to trigger the escape. The prerequisite of a compromised renderer reduces the overall exploitation likelihood.

Generated by OpenCVE AI on July 1, 2026 at 09:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later to apply the security fix.
  • Enable automatic updates or configure the system to receive Chrome updates promptly.
  • Monitor Chrome security advisories for additional mitigations or guidance.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Wed, 01 Jul 2026 09:45:00 +0000

Type Values Removed Values Added
Title Sandbox Escape via Insufficient Policy Enforcement in Google Chrome Renderer Process

Wed, 01 Jul 2026 04:15:00 +0000

Type Values Removed Values Added
Title Sandbox Escape via Insufficient Policy Enforcement in Google Chrome Renderer Process

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Weaknesses CWE-20
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:25.306Z

Reserved: 2026-06-29T23:11:41.135Z

Link: CVE-2026-14095

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T10:30:16Z

Weaknesses
  • CWE-20: Improper Input Validation