What is the CVSS score of EUVD-2026-35276?

EUVD-2026-35276 has a CVSS 3.1 base score of 8.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Google Chrome are affected by EUVD-2026-35276?

Google Chrome and ChromeOS on Linux (prior to version 149.0.7827.103) contain a sandbox escape vulnerability in the WebGPU component that could enable privilege escalation if the browser process is…. A patch is available.

How to fix or mitigate EUVD-2026-35276?

Within 24 hours: Inventory all Chrome and ChromeOS Linux deployments and document current versions. Within 7 days: Deploy Chrome version 149.0.7827.103 or later across all Linux systems, prioritizing machines with elevated access or sensitive data handling. Within 30 days: Verify patch deployment across all Chrome and ChromeOS Linux endpoints and ensure no systems remain on vulnerable versions.

Google Chrome EUVD-2026-35276

| CVE-2026-11676 HIGH

Improper Input Validation (CWE-20)

2026-06-09 chrome-cve-admin@google.com

GHSA-68c4-77cf-437j

Information Disclosure Google Red Hat Suse

8.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.3 HIGH

AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

SUSE

CRITICAL

qualitative

Red Hat

8.2 HIGH

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 09, 2026 - 11:29 vuln.today

CVSS changed

Jun 09, 2026 - 11:22 NVD

8.3 (HIGH)

CVE Published

Jun 09, 2026 - 00:16 nvd

UNKNOWN (no severity yet)

CVE Published

Jun 09, 2026 - 00:16 nvd

HIGH 8.3

DescriptionCVE.org

Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Sandbox escape in Google Chrome and ChromeOS on Linux prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Dawn (WebGPU) component. Chromium rates the severity High, and while no public exploit identified at time of analysis, sandbox-escape bugs in Dawn are historically chained with renderer RCE bugs in exploit chains. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Identify Linux/ChromeOS Chrome target

Delivery

Lure victim to crafted HTML page

Exploit

Exploit separate renderer bug for RCE

Install

Issue malformed Dawn IPC to GPU process

Trigger input-validation flaw, escape sandbox

Execute

Execute code in GPU process context

Impact

Pivot to host-level compromise

Recon

Identify Linux/ChromeOS Chrome target

Delivery

Lure victim to crafted HTML page

Exploit

Exploit separate renderer bug for RCE

Install

Issue malformed Dawn IPC to GPU process

Trigger input-validation flaw, escape sandbox

Execute

Execute code in GPU process context

Impact

Pivot to host-level compromise

Vulnerability AssessmentAI

Exploitation	Two stacked prerequisites: (1) the attacker must have already achieved code execution inside a Chrome renderer process - typically via a separate, chained renderer RCE - because Dawn IPC is only reachable from a compromised renderer, not directly from JavaScript on a normal page; (2) the victim must visit attacker-controlled HTML in Chrome or ChromeOS on Linux at a version below 149.0.7827.103, satisfying the UI:R user-interaction requirement. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS vector AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H paints a nuanced picture: network-reachable and unauthenticated, but with High attack complexity and required user interaction (visiting a malicious page), tempered by a Scope-changed full-impact outcome. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A targeted user is lured to a crafted webpage that first triggers a separate renderer-process vulnerability to gain code execution inside the sandboxed renderer, then issues malformed WebGPU/Dawn commands across the IPC boundary to corrupt state in the GPU process and escape the sandbox. The attacker thereby gains code execution in a higher-privilege Chrome process on Linux or ChromeOS, enabling persistent access, credential theft, or further OS-level escalation. …
Remediation	Vendor-released patch: Chrome 149.0.7827.103 on Linux and the corresponding ChromeOS stable-channel build - upgrade immediately per the Chrome Releases advisory (https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Chrome and ChromeOS Linux deployments and document current versions. …

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical

Product	Status
openSUSE Leap 16.0	Fixed
openSUSE Tumbleweed	Fixed

EUVD-2026-35276 vulnerability details – vuln.today

Back

Google Chrome EUVD-2026-35276

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code