Description
Out of bounds read and write in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds read and write in the ANGLE component of Chrome. An attacker who has already compromised the renderer process could use a specially crafted HTML page to trigger the memory corruption and potentially escape the renderer's sandbox. This weakness matches CWE‑787, demonstrating a failure to validate bounds during memory access. If exploited, the attacker could gain privileges above those of the renderer, allowing further compromise of the host system.

Affected Systems

Google Chrome versions prior to 150.0.7871.47 are affected. The issue appears in ANGLE, the graphics layer used for GPU abstraction on all desktop platforms. All users running the stable channel before this build should consider the vulnerability relevant.

Risk and Exploitability

EPSS is not available and the vulnerability is not listed in CISA's KEV catalog. The CVSS score is not disclosed, but the Chromium severity is Low, indicating a modest impact and a high effort requirement. Exploitation requires the attacker to first compromise the renderer process, and the crafted page must be delivered to a victim's browser. Thus, while sandbox escape is possible, the prerequisite of a prior renderer compromise and the low assigned severity suggest a moderate risk for most environments.

Generated by OpenCVE AI on July 1, 2026 at 03:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later to apply the official fix.
  • Disable GPU acceleration or ANGLE by starting Chrome with the --disable-gpu flag or by turning off hardware acceleration in the settings.
  • Keep the operating system and graphics drivers up to date to reduce the attack surface that may assist in renderer compromise.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 03:45:00 +0000

Type | Values Removed | Values Added
Title | | Out-Of-Bounds Read/Write in ANGLE May Enable Chrome Sandbox Escape

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Out of bounds read and write in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Weaknesses | | CWE-787
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:45.923Z

Reserved: 2026-06-29T23:11:52.275Z

Link: CVE-2026-14152

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T03:30:05Z

Weaknesses