Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
AC:H because a prior renderer compromise plus crafted Mojo messages are required; UI:R for loading the page; S:C and C/I/A:H reflect full escape from sandbox to the browser process.
Primary rating from NVD.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Description (NVD)
Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Analysis (AI)
Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who has already compromised the renderer process bypass Mojo IPC policy enforcement and break out of the sandbox using a crafted HTML page. This is a second-stage flaw in the Mojo inter-process communication layer rather than an initial-access bug, and Google itself rated the Chromium security severity as Low despite the NVD CVSS of 9.6. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the attacker to have already compromised the renderer process. This is a sandbox-escape primitive, not an initial-access vector, so it cannot be triggered against an unmodified renderer. … |
| Risk Assessment | The signals are sharply conflicting and should temper the raw CVSS 9.6. … |
| Exploit Scenario | An attacker first exploits a separate memory-corruption or logic bug to gain code execution inside a Chrome renderer process (for example by luring a user to a malicious site). From that foothold they serve a crafted HTML page and issue malformed Mojo IPC messages that abuse the insufficient policy enforcement to escape the sandbox and run in the browser process context. … |
| Remediation | Vendor-released patch: update Google Chrome to 150.0.7871.47 or later on all desktop platforms, per the Chrome Releases advisory (https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html); most installations will pick this up automatically, so verify auto-update is enabled and relaunch the browser to apply it, since a running instance stays vulnerable until restarted. … |
Recommended Action (AI)
Within 24 hours: Identify all Chrome desktop deployments and enable automatic updates or initiate manual updates to version 150.0.7871.47 or later. …
EUVD-2026-40796
GHSA-8gcq-7px3-66qq