Severity by source
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Heap buffer overflow in Video in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a heap buffer overflow in the Video component, allowing a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Chromium rates the severity as High and a vendor patch is available; no public exploit identified at time of analysis. The CVSS 8.3 score reflects the scope change (S:C) that occurs when sandbox boundaries are crossed, though the attack requires high complexity and user interaction.
Technical ContextAI
The vulnerability resides in Chrome's Video subsystem, part of the Chromium media stack that handles decoding and rendering of video content delivered through HTML5 <video> elements and related APIs. CWE-122 (Heap-based Buffer Overflow) indicates that input data - likely malformed video metadata or stream payloads - overflows a heap-allocated buffer, corrupting adjacent memory structures. Because the Video component spans both renderer and privileged browser-process boundaries in Chromium's multi-process architecture, an overflow reachable from a compromised renderer can be leveraged to corrupt state in a more privileged process, enabling the sandbox escape described.
RemediationAI
Vendor-released patch: Google Chrome 149.0.7827.53 on the Stable channel - upgrade immediately via the built-in updater or by relaunching Chrome after it fetches the update, per the Chrome Releases advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html. Enterprise administrators using managed deployments (Group Policy, Workspace, Jamf, Intune) should accelerate the rollout ring and verify version pinning has not stalled clients at vulnerable builds. Until patching completes, compensating controls include enabling site-isolation strict mode (already default on most platforms) and blocking untrusted video-heavy sites at the proxy or DNS layer - both narrow defenses with the trade-off of breaking legitimate media playback. Downstream Chromium browser users should monitor their vendor advisories and update once the rebased build ships.
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34398
GHSA-8wxm-qw9g-rq3g