Description
Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an uninitialized use in the ANGLE graphics stack within Chrome. A remote attacker who has already compromised the renderer process can trigger the flaw through a crafted HTML page and bypass Chrome's site isolation boundaries. Data or actions that should be confined to other web pages or processes can then be accessed or manipulated, compromising the confidentiality and integrity of separate browsing contexts.

Affected Systems

Google Chrome browsers prior to version 148.0.7778.216 are affected. The issue is specifically present in the ANGLE component of Chrome and does not extend to other Google products listed by the CNA.

Risk and Exploitability

The CVE has a CVSS score of 5, indicating medium severity. The attacker must first gain control of the renderer process, which typically requires a separate exploit or a privileged state. The EPSS score is < 1%, and the lack of a KEV listing suggests no widespread exploitation has been observed yet. Nonetheless, given the high impact of a site isolation bypass, the risk remains significant for unpatched systems where the renderer process can be compromised by malicious content.

Generated by OpenCVE AI on May 29, 2026 at 19:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Chrome update to version 148.0.7778.216 or later, which contains the ANGLE fix
  • Ensure the browser is set to the stable channel to receive timely security updates
  • Validate site isolation enforcement by monitoring the site isolation flag in Chrome settings, and disable any experimental features that could weaken isolation

Advisories

No advisories yet.

History

Fri, 29 May 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Fri, 29 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L'}


Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Uninitialized Memory Use Enabling Site Isolation Bypass in Chrome chromium-browser: Uninitialized Use in ANGLE
Weaknesses CWE-824
References
Metrics threat_severity

None

cvssV3_1

{'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}

threat_severity

Important


Fri, 29 May 2026 00:30:00 +0000

Type Values Removed Values Added
Title Uninitialized Memory Use Enabling Site Isolation Bypass in Chrome

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-457
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T17:11:46.770Z

Reserved: 2026-05-28T17:24:56.599Z

Link: CVE-2026-9942

Vulnrichment

Updated: 2026-05-29T17:11:38.664Z

NVD

Status: Analyzed

Published: 2026-05-28T23:16:52.333

Modified: 2026-05-29T18:26:02.940

Link: CVE-2026-9942

Redhat

Severity: Important

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9942 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T20:00:05Z

Weaknesses