Skip to main content

Google Chrome CVE-2026-10949

| EUVDEUVD-2026-34398 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-04 chrome-cve-admin@google.com GHSA-8wxm-qw9g-rq3g
8.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.3 HIGH
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
8.2 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 05, 2026 - 02:49 vuln.today
CVSS changed
Jun 05, 2026 - 02:22 NVD
8.3 (HIGH)
CVE Published
Jun 04, 2026 - 23:16 nvd
HIGH 8.3
CVE Published
Jun 04, 2026 - 23:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Heap buffer overflow in Video in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a heap buffer overflow in the Video component, allowing a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Chromium rates the severity as High and a vendor patch is available; no public exploit identified at time of analysis. The CVSS 8.3 score reflects the scope change (S:C) that occurs when sandbox boundaries are crossed, though the attack requires high complexity and user interaction.

Technical ContextAI

The vulnerability resides in Chrome's Video subsystem, part of the Chromium media stack that handles decoding and rendering of video content delivered through HTML5 <video> elements and related APIs. CWE-122 (Heap-based Buffer Overflow) indicates that input data - likely malformed video metadata or stream payloads - overflows a heap-allocated buffer, corrupting adjacent memory structures. Because the Video component spans both renderer and privileged browser-process boundaries in Chromium's multi-process architecture, an overflow reachable from a compromised renderer can be leveraged to corrupt state in a more privileged process, enabling the sandbox escape described.

RemediationAI

Vendor-released patch: Google Chrome 149.0.7827.53 on the Stable channel - upgrade immediately via the built-in updater or by relaunching Chrome after it fetches the update, per the Chrome Releases advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html. Enterprise administrators using managed deployments (Group Policy, Workspace, Jamf, Intune) should accelerate the rollout ring and verify version pinning has not stalled clients at vulnerable builds. Until patching completes, compensating controls include enabling site-isolation strict mode (already default on most platforms) and blocking untrusted video-heavy sites at the proxy or DNS layer - both narrow defenses with the trade-off of breaking legitimate media playback. Downstream Chromium browser users should monitor their vendor advisories and update once the rebased build ships.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-10949 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy