Description
Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient policy enforcement in Chrome's Mojo inter‑process communication framework lets a remote attacker who has already compromised the renderer process escape that sandbox by delivering a crafted HTML page, potentially granting higher privileges or enabling arbitrary code execution on the host.

Affected Systems

Google Chrome desktop versions before 150.0.7871.47 are impacted. The flaw resides in the Mojo component that mediates communication between renderers and other Chrome processes.

Risk and Exploitability

Because no CVSS or EPSS metrics are published and the vulnerability is not listed in CISA KEV, the overall risk is limited. Exploitation requires a prior renderer compromise, which normally occurs via a separate local or remote vulnerability or malicious content. Without that initial foothold, the flaw cannot be abused. The current Chromium severity label of Low indicates that no known proof of concept or widespread exploitation has been observed.

Generated by OpenCVE AI on July 1, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 150.0.7871.47 or newer
  • Enable automatic updates to ensure the patch is applied promptly
  • If an update cannot be installed immediately, restrict browsing to trusted sites or use a virtual machine until the patch is available

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Mojo Policy Enforcement Flaw Enables Sandbox Escape in Chrome |
| Weaknesses | | CWE-269 |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:30.339Z

Reserved: 2026-06-29T23:11:44.009Z

Link: CVE-2026-14109

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T09:30:05Z

Weaknesses
  • CWE-269: Improper Privilege Management