Skip to main content

Google Chrome EUVDEUVD-2026-40724

| CVE-2026-14037 CRITICAL
Protection Mechanism Failure (CWE-693)
2026-06-30 chrome-cve-admin@google.com GHSA-6932-p8gp-f49x
9.6
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
8.3 HIGH

Delivered over the web (AV:N, UI:R) but requires a pre-existing renderer compromise, so AC:H; sandbox escape crosses a trust boundary (S:C) yielding high host impact.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
SUSE
CRITICAL
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 14:27 vuln.today
CVSS changed
Jul 01, 2026 - 14:22 NVD
9.6 (CRITICAL)
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 30, 2026 - 23:17 cve.org
CRITICAL 9.6

DescriptionCVE.org

Insufficient policy enforcement in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

AnalysisAI

Sandbox escape in Google Chrome's GPU process before 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. The flaw is a protection-mechanism failure (CWE-693) that Google patched in the June 2026 Stable channel update; Chromium rated its intrinsic severity Low because it is only useful as the second link in an exploit chain, and no public exploit has been identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure victim to crafted HTML page
Delivery
Compromise sandboxed renderer via prior bug
Exploit
Abuse insufficient GPU policy enforcement
Execution
Escape renderer sandbox
Impact
Execute code at higher privilege on host

Vulnerability AssessmentAI

Exploitation Exploitation requires that the attacker has ALREADY compromised Chrome's renderer process (per the description, 'a remote attacker who had compromised the renderer process') - this is a sandbox-escape/second-stage bug, not a standalone entry point. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals conflict sharply and must be weighed together. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker first lands a separate renderer-compromise bug by luring a victim to a malicious web page, gaining code execution inside Chrome's sandboxed renderer. From that foothold, the crafted HTML/GPU interactions abuse the insufficient GPU policy enforcement to escape the sandbox and gain higher-privileged execution on the host. …
Remediation Vendor-released patch: update Google Chrome to 150.0.7871.47 or later on all desktop platforms, per Google's Stable channel advisory (https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html); Chrome normally auto-updates, so ensure the browser has been fully relaunched to apply the update and confirm the version via chrome://settings/help. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Test Chrome 150.0.7871.47 in isolated environment; notify IT and end users of mandatory security update. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

EUVD-2026-40724 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy