CVE-2026-10881NVD

Vulnerability Summary

Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Severity Level

CRITICAL(9.6)

Published Date

Jun 4, 2026

Last Modified

Jun 5, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

CWE-125: Out-of-bounds Read ↗

The software reads data past the end, or before the beginning, of the intended buffer.

EPSS Score (30-Day)

Data Pending

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/498904293