Skip to main content

Google Chrome EUVDEUVD-2026-40796

| CVE-2026-14109 CRITICAL
Client-Side Enforcement of Server-Side Security (CWE-602)
2026-06-30 chrome-cve-admin@google.com GHSA-8gcq-7px3-66qq
9.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
8.3 HIGH

AC:H because a prior renderer compromise plus crafted Mojo messages are required; UI:R for loading the page; S:C and C/I/A:H reflect full escape from sandbox to the browser process.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 16:25 vuln.today
CVSS changed
Jul 01, 2026 - 16:22 NVD
9.6 (CRITICAL)
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 30, 2026 - 23:17 cve.org
CRITICAL 9.6

DescriptionNVD

Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

AnalysisAI

Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who has already compromised the renderer process bypass Mojo IPC policy enforcement and break out of the sandbox using a crafted HTML page. This is a second-stage flaw in the Mojo inter-process communication layer rather than an initial-access bug, and Google itself rated the Chromium security severity as Low despite the NVD CVSS of 9.6. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Compromise renderer via separate exploit
Delivery
Serve crafted HTML page
Exploit
Send malformed Mojo IPC messages
Execution
Bypass insufficient policy enforcement
Impact
Escape sandbox to browser process

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to have ALREADY compromised the renderer process - this is a sandbox-escape primitive, not an initial-access vector, so it cannot be triggered against an unmodified renderer. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are sharply conflicting and should temper the raw CVSS 9.6. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker first exploits a separate memory-corruption or logic bug to gain code execution inside a Chrome renderer process (for example by luring a user to a malicious site). From that foothold they serve a crafted HTML page and issue malformed Mojo IPC messages that abuse the insufficient policy enforcement to escape the sandbox and run in the browser process context. …
Remediation Vendor-released patch: update Google Chrome to 150.0.7871.47 or later on all desktop platforms, per the Chrome Releases advisory (https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html); most installations will pick this up automatically, so verify auto-update is enabled and relaunch the browser to apply it, since a running instance stays vulnerable until restarted. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Chrome desktop deployments and enable automatic updates or initiate manual updates to version 150.0.7871.47 or later. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-40796 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy