CVE-2026-9892 - Vulnerability Details

- chromium-browser: Inappropriate implementation in Skia

Description

Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Published: 2026-05-28

Score: 8.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An inappropriate implementation in Skia, the graphics library used by Google Chrome on Android, permits a remote attacker who has already compromised the renderer process to escape the browser’s sandbox. By serving a crafted HTML page the attacker can potentially execute arbitrary code with higher privileges, jeopardizing the confidentiality, integrity, and availability of the device. Chromium security staff have rated the flaw as Critical.

Affected Systems

The vulnerability affects Google Chrome on Android devices running versions prior to 148.0.7778.216. Any installation of Chrome that has a renderer component older than this build is susceptible.

Risk and Exploitability

The EPSS score of <1% indicates a very low exploitation probability, and the vulnerability is not listed in CISA KEV, yet the CVSS base score of 8.3 shows high severity. Exploitation requires the attacker to already control the renderer process, typically through a malicious web page or phishing attack that loads crafted content. Once that condition is met, the Skia bug can be triggered to escape the sandbox, giving the attacker significant escape capabilities.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Google

Chrome

affected

Version	Status	Constraints
`148.0.7778.216`	affected	< 148.0.7778.216

Configuration 1 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Google

Chrome

100%

Version	Status	Scheme	Platform
`[0,148.0.7778.216)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Chrome to version 148.0.7778.216 or later to obtain the Skia patch
Enforce Chrome policies that restrict renderer permissions and block execution of untrusted extensions or content
Adopt regular Chrome update procedures to ensure all users receive the latest security fixes

Generated by OpenCVE AI on May 29, 2026 at 18:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6316-1	chromium security update

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00214.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html
https://issues.chromium.org/issues/513948178
https://nvd.nist.gov/vuln/detail/CVE-2026-9892
https://www.cve.org/CVERecord?id=CVE-2026-9892

History

Mon, 01 Jun 2026 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google android
CPEs		cpe:2.3:a:google:chrome:::::::: cpe:2.3:o:google:android:-:::::::*
Vendors & Products		Google android

Fri, 29 May 2026 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-269
Metrics	cvssV3_1 `{'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}`

Fri, 29 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200 CWE-732

Fri, 29 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Title	Sandbox Escape via Skia in Android Chrome	chromium-browser: Inappropriate implementation in Skia
Weaknesses		CWE-807
References		https://nvd.nist.gov/vuln/detail/CVE-2026-9892 https://www.cve.org/CVERecord?id=CVE-2026-9892
Metrics	threat_severity `None`	cvssV3_1 `{'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}` threat_severity `Critical`

Fri, 29 May 2026 00:00:00 +0000

Type	Values Removed	Values Added
Title		Sandbox Escape via Skia in Android Chrome
First Time appeared		Google Google chrome
Weaknesses		CWE-200 CWE-732
Vendors & Products		Google Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type	Values Removed	Values Added
Description		Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
References		https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html https://issues.chromium.org/issues/513948178

Subscriptions

Google Android Chrome

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2026-05-28T22:25:14.810Z

Updated: 2026-05-30T03:57:19.789Z

Reserved: 2026-05-28T17:24:44.897Z

Link: CVE-2026-9892

Vulnrichment

Updated: 2026-05-29T16:04:26.158Z

NVD

Status : Analyzed

Published: 2026-05-28T23:16:47.187

Modified: 2026-06-01T18:44:31.123

Link: CVE-2026-9892

Redhat

Severity : Critical

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9892 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T18:15:04Z

Weaknesses

CWE-269
Improper Privilege Management
CWE-807
Reliance on Untrusted Inputs in a Security Decision

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object