Description
Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-06
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap buffer overflow in ANGLE within Chrome allows a remote attacker who has already compromised the renderer process to potentially escape the sandbox by loading a specially crafted HTML page. The vulnerability is a classic heap buffer overflow involving an incorrect buffer length calculation (CWE-120) and an out-of-bounds write (CWE-122) that could lead to arbitrary code execution or privilege escalation within the renderer's context, jeopardizing the integrity and confidentiality of the user’s system.

Affected Systems

This flaw exists in Google Chrome for desktop versions earlier than 148.0.7778.96. It affects any installation of Chrome on that platform where ANGLE is used for rendering graphics.

Risk and Exploitability

The CVSS score of 8.3 classifies the flaw as High severity, with an EPSS score of 0.00057 that indicates a very low probability of exploitation. It is not listed in the CISA KEV catalog, indicating no known widespread exploitation. The exploit requires an attacker to first compromise the renderer process, meaning the attack vector is not a simple remote attack but a privilege escalation or sandbox escape path. Because of these prerequisites, the likelihood of exploitation in the wild is uncertain, yet the potential impact remains substantial should an attacker succeed.

Generated by OpenCVE AI on May 9, 2026 at 03:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 148.0.7778.96 or later so that the ANGLE heap buffer overflow is fixed.
  • If an upgrade cannot be performed immediately, enforce strict sandboxing for renderer processes through Chrome policies or flags, reducing the attacker’s ability to escape the sandbox even if the renderer is compromised.
  • Implement monitoring for anomalous renderer activity or crashes and automate rollback or isolation of the affected process when suspicious behavior is detected.

Generated by OpenCVE AI on May 9, 2026 at 03:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6250-1 chromium security update
History

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: Heap buffer overflow in ANGLE
Weaknesses CWE-120
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 07 May 2026 01:45:00 +0000

Type Values Removed Values Added
Title Sandbox Escape via ANGLE Heap Buffer Overflow in Chrome

Wed, 06 May 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Wed, 06 May 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 06 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 06 May 2026 19:45:00 +0000

Type Values Removed Values Added
Title Sandbox Escape via ANGLE Heap Buffer Overflow in Chrome

Wed, 06 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-122
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-07T03:56:36.706Z

Reserved: 2026-05-05T22:59:04.251Z

Link: CVE-2026-7900

cve-icon Vulnrichment

Updated: 2026-05-06T20:23:07.419Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T19:16:38.300

Modified: 2026-05-06T23:42:50.240

Link: CVE-2026-7900

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-05T00:00:00Z

Links: CVE-2026-7900 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T04:00:14Z

Weaknesses