Severity by source
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Network-delivered crafted HTML (AV:N), requires prior renderer compromise and user interaction yielding AC:H and UI:R; PR:N as no auth needed; sandbox escape crosses trust boundary (S:C) with full host-process impact (C/I/A:H).
Primary rating from Vendor (Chrome).
CVSS VectorVendor: Chrome
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Sandbox escape in Google Chrome's DevTools component before version 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High severity by Chromium with a CVSS of 8.3, this is a second-stage vulnerability typically chained with a renderer RCE bug. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Technical ContextAI
The flaw resides in Chrome's DevTools subsystem, the integrated developer tooling that communicates with the renderer process over a privileged channel. Because DevTools historically runs with elevated privileges relative to web content, improper input validation (CWE-20) in this boundary can let a malicious renderer escalate beyond the sandboxed process model that isolates web content from the underlying OS. The affected product per CPE is cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* across versions prior to 149.0.7827.115 on desktop builds.
RemediationAI
Vendor-released patch: Google Chrome 149.0.7827.115 - upgrade all desktop Chrome installations to this version or later by allowing the browser to auto-update and restarting, per the Chrome Releases advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html and the upstream tracker at https://issues.chromium.org/issues/516482138. Enterprise administrators should push the update via Chrome Browser Cloud Management or their MDM/group policy and verify deployment via chrome://settings/help. Users of Chromium-derived browsers (Edge, Brave, Opera, Vivaldi) should apply their vendor's corresponding stable update as soon as it ships. Compensating controls until patching is complete: enable Enhanced Safe Browsing to reduce exposure to malicious pages, restrict installation of untrusted browser extensions that could host crafted HTML, and consider blocking access to the chrome-devtools:// scheme via policy - note this may break legitimate developer workflows.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36337
GHSA-wh8j-wm5w-mx75