CVE-2026-9918 - Vulnerability Details

- chromium-browser: Inappropriate implementation in Tint

Description

Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Published: 2026-05-28

Score: 9.6 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Tint component of Google Chrome has an inappropriate implementation that permits a remote attacker to craft an HTML page to perform a sandbox escape. This flaw can potentially allow the attacker to break out of the renderer sandbox and execute code with higher privileges than normally granted to the browser process. The vulnerability is ranked as high severity by Chromium and is mapped to CWE-501, indicating improper handling of security boundaries.

Affected Systems

All installations of Google Chrome older than version 148.0.7778.216 are affected. No finer sub‑version detail is supplied, so any build preceding that revision should be considered vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score is 9.6, indicating extremely high damage potential if exploited. The EPSS score of less than 1% suggests that at this time the probability of exploitation is low; however, the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote, mediated through a web browser, where the attacker must get the victim to open a specially crafted HTML page—such as through a malicious website, phishing email, or embedded document. Successful exploitation would result in sandbox escape, potentially giving the attacker full control of the host system.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Google

Chrome

affected

Version	Status	Constraints
`148.0.7778.216`	affected	< 148.0.7778.216

No data.

Vendor Product Confidence Versions

Google

Chrome

100%

Version	Status	Scheme	Platform
`[148.0.7778.216,148.0.7778.216)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to Google Chrome 148.0.7778.216 or newer on all affected machines.
If a patch cannot be applied immediately, launch Chrome with the --disable-sandbox flag for the vulnerable user to prevent the sandbox escape path.
Limit exposure by disabling or removing untrusted extensions, blocking untrusted sites, and preventing the loading of potentially malicious content until the update is applied.

Generated by OpenCVE AI on May 29, 2026 at 17:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00035.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html
https://issues.chromium.org/issues/500099471
https://nvd.nist.gov/vuln/detail/CVE-2026-9918
https://www.cve.org/CVERecord?id=CVE-2026-9918

History

Fri, 29 May 2026 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-269
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 29 May 2026 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-285

Fri, 29 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Title	Chrome Sandbox Escape via Inappropriate Tint Implementation	chromium-browser: Inappropriate implementation in Tint
Weaknesses		CWE-501
References		https://nvd.nist.gov/vuln/detail/CVE-2026-9918 https://www.cve.org/CVERecord?id=CVE-2026-9918
Metrics	threat_severity `None`	cvssV3_1 `{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}` threat_severity `Important`

Fri, 29 May 2026 01:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google chrome
Vendors & Products		Google Google chrome

Fri, 29 May 2026 00:45:00 +0000

Type	Values Removed	Values Added
Title		Chrome Sandbox Escape via Inappropriate Tint Implementation
Weaknesses		CWE-285

Thu, 28 May 2026 22:45:00 +0000

Type	Values Removed	Values Added
Description		Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
References		https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html https://issues.chromium.org/issues/500099471

Subscriptions

Google Chrome

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2026-05-28T22:25:23.972Z

Updated: 2026-05-29T16:03:15.766Z

Reserved: 2026-05-28T17:24:51.024Z

Link: CVE-2026-9918

Vulnrichment

Updated: 2026-05-29T16:03:01.013Z

NVD

Status : Undergoing Analysis

Published: 2026-05-28T23:16:49.897

Modified: 2026-05-29T16:16:37.770

Link: CVE-2026-9918

Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9918 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T17:15:04Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object