Description
Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is an inappropriate implementation in the AI component of Google Chrome. An attacker who has already compromised the renderer process can use a crafted HTML page to potentially escape the sandbox. A successful escape could give the attacker access beyond the browser sandbox, compromising user data and system integrity.

Affected Systems

Google Chrome versions prior to 150.0.7871.47 are affected. Users running any pre-150.0.7871.47 release are at risk; newer releases contain the fix.

Risk and Exploitability

Chromium lists the severity as low, and no EPSS score is available. The attacker must first achieve a renderer-process compromise (typically via a separate vulnerability or social engineering) before this flaw can be leveraged. Because exploitation depends on that precondition and the flaw is not active in current versions, the immediate risk is low until such a prior compromise occurs, but the potential impact of a sandbox escape is serious. The CVE is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on July 1, 2026 at 04:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or later to eliminate the sandbox escape vulnerability.
  • If an upgrade is not immediately possible, disable or sandbox untrusted content by enforcing content security policies or blocking third‑party scripts that could be used to deliver malicious HTML.
  • Apply all available operating‑system security updates and restrict user privileges to reduce the likelihood of a renderer process compromise.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 05:15:00 +0000

Type Values Removed Values Added
Title Sandbox Escape via Malicious HTML in Chrome
Weaknesses CWE-264, CWE-305

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:45.566Z

Reserved: 2026-06-29T23:11:52.079Z

Link: CVE-2026-14151

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T05:00:07Z

Weaknesses