Severity by source
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Network-delivered via HTML but AC:H and UI:R because attacker must first land a renderer RCE and the user must load the page; S:C and C/I/A:H reflect full sandbox escape.
Primary rating from Vendor (Chrome).
CVSS VectorVendor: Chrome
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
AnalysisAI
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exercises the Accessibility subsystem. Chromium rates the issue Critical severity; no public exploit identified at time of analysis, and the flaw is not on the CISA KEV list. The bug is reachable only after a prior renderer compromise and requires user interaction, which limits drive-by exploitation but makes it a key second-stage primitive in a full browser chain.
Technical ContextAI
The flaw lives in Chrome's Accessibility (a11y) component on macOS, which bridges the sandboxed renderer process to the more privileged browser process so it can expose DOM/UI semantics to assistive technologies like VoiceOver. CWE-20 (Improper Input Validation) indicates that messages or data crossing this renderer→browser IPC boundary are not adequately sanitized, so a malicious renderer can send unexpected accessibility input that the browser-side handler mishandles, breaking the sandbox isolation that normally contains renderer compromises. The CPE cpe:2.3:a:google:chrome covers desktop Chrome, but the description explicitly scopes impact to the macOS build, where the accessibility implementation differs from Windows/Linux due to its reliance on the NSAccessibility APIs.
RemediationAI
Vendor-released patch: Chrome 149.0.7827.115 for macOS - upgrade immediately via the stable channel as documented at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html. In managed fleets, push the update via MDM (Jamf, Intune, Kandji) and force a browser relaunch so the renderer/browser processes pick up the fix; verify by checking chrome://version. As a temporary compensating control on hosts that cannot be patched quickly, restrict browsing to trusted sites via enterprise policy (URLBlocklist/URLAllowlist) to reduce exposure to attacker-controlled HTML pages that could deliver a renderer-RCE-plus-this-escape chain - note this materially impacts user productivity. Disabling assistive technology integration is not a reliable mitigation since the accessibility tree is built regardless of whether a screen reader is attached.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36330
GHSA-4h4g-832r-8c7f