Chrome
Monthly
Cross-origin data leakage in Google Chrome's WebRTC component on Windows exposes limited confidential data to remote attackers via a race condition in all Chrome versions prior to 148.0.7778.216. An unauthenticated remote attacker (PR:N) can exploit this by luring a victim to a crafted HTML page, exploiting a timing window in WebRTC's concurrent execution to read cross-origin data. No public exploit has been identified at time of analysis and EPSS stands at 0.03% (9th percentile), indicating very low real-world exploitation pressure despite Chrome's internal 'High' severity classification.
Heap corruption in Google Chrome's PDFium component before version 148.0.7778.216 lets a remote attacker trigger a use-after-free condition by serving a crafted PDF, opening the door to code execution within the renderer process. The flaw carries a CVSS 8.8 (High) rating and requires user interaction (UI:R) to open or render the malicious document. EPSS is currently very low (0.03%, 11th percentile) and no public exploit has been identified at time of analysis, though Chrome PDFium UAFs have a long history of weaponization in browser exploit chains.
Sandboxed arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the PDF component that remote attackers can trigger by serving a crafted PDF file. The flaw carries a CVSS 8.8 rating reflecting network reach with required user interaction (opening or rendering a malicious PDF), and no public exploit identified at time of analysis though Google rates the underlying Chromium severity as High.
Remote code execution in Google Chrome on iOS prior to 148.0.7778.216 allows attackers to exploit a use-after-free memory corruption flaw when a victim is lured to a malicious HTML page and performs specific UI gestures. The issue carries a CVSS 7.5 (High) score with high attack complexity and required user interaction, and no public exploit has been identified at time of analysis.
Cross-origin data leakage in Google Chrome on iOS prior to 148.0.7778.216 exposes sensitive information from cross-origin resources to remote attackers via a crafted HTML page. The flaw is confined to Chrome's iOS-specific implementation (distinct from Chrome on Android, Windows, or macOS), meaning the affected population is limited to iOS users running unpatched Chrome builds. With a CVSS score of 4.3 (Medium), no CISA KEV listing, and an EPSS of 0.03% (11th percentile), no public exploit identified at time of analysis, this is a real but lower-priority disclosure issue - though the zero-privilege-required network vector merits timely patching.
Heap corruption in Google Chrome's TabStrip component before version 148.0.7778.216 allows remote attackers to potentially achieve code execution by serving a crafted HTML page and inducing the victim to perform specific UI gestures. Chromium rates the issue High severity, but EPSS places exploitation probability at just 0.03% (11th percentile) and no public exploit identified at time of analysis, reflecting the high attack complexity and required user interaction.
Out-of-bounds read in Chrome's ANGLE graphics layer exposes process memory to remote attackers who can deliver a crafted HTML page to a victim. Unauthenticated (PR:N) remote exploitation is confirmed by the CVSS vector, though user interaction is required - the victim must open a malicious page. Confidentiality impact is rated High (C:H) with no integrity or availability consequence, making this a targeted information-disclosure primitive rather than a code-execution path. No public exploit or CISA KEV listing exists at time of analysis, and the EPSS score of 0.03% (11th percentile) reflects low observed exploitation pressure.
Remote code execution in Google Chrome's WebAudio component (versions prior to 148.0.7778.216) allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium, with a CVSS score of 8.8 reflecting low attack complexity and no authentication required, though user interaction (visiting a page) is needed. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers to break out of the renderer process sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free condition in the UI component. Chromium rates the severity as High, and a vendor patch is available; no public exploit identified at time of analysis and EPSS exploitation probability is currently very low (0.03%, 11th percentile).
Same-origin policy bypass in Google Chrome for iOS (all versions prior to 148.0.7778.216) allows an attacker who has already achieved renderer process compromise to cross browser origin boundaries via a crafted HTML page, potentially exposing restricted cross-origin content. The root cause is insufficient validation of untrusted input (CWE-20) in iOS-specific Chrome code, a platform-divergent codepath not present in desktop Chrome. No public exploit has been identified and no CISA KEV listing exists; however, Chromium's internal 'High' severity rating contrasts with the NVD CVSS score of 3.1, reflecting that the renderer pre-compromise prerequisite substantially constrains standalone exploitability while the SOP bypass itself carries serious chaining potential.
Sandbox escape in Google Chrome on Windows before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page leveraging a use-after-free in Core. The flaw is rated High by Chromium and carries CVSS 8.3, but EPSS is very low (0.03%) and no public exploit identified at time of analysis, so it is most relevant as the second stage of a multi-bug exploit chain rather than a standalone entry vector.
Sandbox escape in Google Chrome on macOS before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Views UI component. The flaw is rated High severity by Chromium and carries a CVSS 8.3 due to scope change, but EPSS is only 0.03% and there is no public exploit identified at time of analysis. Exploitation is realistic only as the second stage of a chained renderer compromise rather than a standalone drive-by attack.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the browser's XML handling component, allowing a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. Chromium rates the severity as High with a CVSS 3.1 score of 8.8, and exploitation requires user interaction such as visiting a malicious site. No public exploit identified at time of analysis, but use-after-free flaws in Chrome's XML parsing have historically been chained with sandbox escapes for full system compromise.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the ANGLE graphics translation layer that lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. Google rates this High severity and a vendor patch is available, but EPSS scoring (0.03%, 11th percentile) is low and no public exploit identified at time of analysis, suggesting it has not yet been weaponized broadly.
Remote code execution in Google Chrome on Windows prior to version 148.0.7778.216 allows attackers to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a use-after-free condition in the Media component. Rated High severity by Chromium with a CVSS 8.8 score, the flaw requires user interaction (visiting a malicious page) but no authentication, and no public exploit identified at time of analysis.
Uninitialized use (CWE-457) in ANGLE, Chrome's graphics abstraction layer, exposes cross-origin data to attackers who have already compromised the renderer process in Google Chrome prior to 148.0.7778.216. Exploitation requires delivering a crafted HTML page to a victim who interacts with it, making this a post-compromise data exfiltration primitive rather than an initial access vector. The CVSS score of 3.1 and EPSS of 0.03% (11th percentile) are consistent with the constrained prerequisites; no public exploit code exists and no active exploitation has been confirmed.
Cross-origin data leakage in Google Chrome's WebGL implementation on Android affects all Chrome versions prior to 148.0.7778.216. The WebGL graphics subsystem performs an out-of-bounds read (CWE-125) when processing attacker-controlled content, exposing adjacent memory contents across origin boundaries to the initiating page. Remote unauthenticated attackers can trigger this condition by serving a crafted HTML page, but victim interaction is required - the user must visit the malicious page. No active exploitation is confirmed (not listed in CISA KEV), and EPSS of 0.03% (10th percentile) indicates low exploitation probability at time of analysis.
Uninitialized memory use in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome versions prior to 148.0.7778.216 enables a remote attacker - who has already achieved renderer process compromise - to bypass site isolation via a specially crafted HTML page. This is a chained exploitation scenario: the vulnerability is not standalone, but serves as a second-stage primitive to break Chrome's cross-origin security boundary once an initial renderer foothold exists. No public exploit code has been identified at time of analysis, and the EPSS score of 0.01% (3rd percentile) reflects minimal observed exploitation activity.
Remote code execution in Google Chrome (ANGLE component) prior to version 148.0.7778.216 allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) rated High severity by Chromium and CVSS 8.8, requiring only that a victim visit a malicious page. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.
Heap corruption in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows remote attackers to potentially achieve code execution within the renderer process when a victim visits a crafted HTML page. Google rated the issue High severity and has shipped a stable-channel fix; no public exploit identified at time of analysis and EPSS is currently 0.03% (10th percentile), indicating low observed exploitation interest despite the strong technical impact.
Remote code execution in Google Chrome prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by tricking a user into visiting a crafted HTML page that triggers a heap buffer overflow in the WebCodecs component. Chromium rates this severity High and a vendor patch is available, though EPSS exploitation probability is currently very low (0.03%, 9th percentile) and there is no public exploit identified at time of analysis.
Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The Chromium project rates the severity as High and CVSS scores it 8.8 (network-reachable, low complexity, no privileges, user interaction required). No public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), suggesting limited near-term mass-exploitation likelihood despite the high impact rating.
Sandbox escape in Google Chrome on Windows versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free flaw in the UI component, triggered by a crafted HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).
Sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the GPU/GFX sandbox via a crafted HTML page, leveraging a use-after-free condition. The flaw is rated High severity by Chromium (CVSS 8.3) and requires user interaction plus a chained renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%).
Cross-origin data leakage in Google Chrome's ANGLE graphics layer affects all versions prior to 148.0.7778.216, enabling remote unauthenticated attackers (PR:N) to read cross-process memory contents via a crafted HTML page. The root cause is an uninitialized variable (CWE-457) in ANGLE - Chrome's OpenGL ES abstraction layer - where stale memory contents can be read and exfiltrated across security origins. No public exploit code has been identified at time of analysis and the EPSS score of 0.03% (11th percentile) indicates very low current exploitation probability; however, the low attack complexity (AC:L) and zero privilege requirement make opportunistic targeting feasible once exploitation techniques mature.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the Aura UI framework component. A remote attacker who lures a user to a malicious HTML page and convinces them to perform specific UI gestures can execute arbitrary code within the browser process. No public exploit identified at time of analysis, and the CVSS 7.5 score reflects high attack complexity combined with required user interaction.
Use-after-free in the Input component of Google Chrome prior to 148.0.7778.216 allows a remote attacker to trigger heap corruption when a victim is lured to a crafted HTML page and performs specific UI gestures. Chromium rates the severity High, and while no public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), the bug class historically yields renderer RCE when chained with a sandbox escape. A vendor patch is available in the stable channel update referenced by Google.
Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the renderer sandbox via a use-after-free in the ANGLE graphics layer. Exploitation requires user interaction (visiting a crafted HTML page) and a pre-existing renderer compromise, so it functions as the second stage of an exploit chain rather than a standalone RCE. No public exploit identified at time of analysis and EPSS is very low (0.03%), but Chrome rates the underlying flaw as High severity.
Sandbox escape in Google Chrome's GPU process prior to version 148.0.7778.216 lets a remote attacker who has already gained code execution inside the renderer process break out of Chrome's sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium and carries CVSS 8.3 (AV:N/AC:H/PR:N/UI:R/S:C). EPSS is very low (0.03%), and there is no public exploit identified at time of analysis, but the bug is part of a stable-channel security release shipped by Google.
Out-of-bounds memory write in Dawn, Chrome's WebGPU implementation, affects Google Chrome on macOS prior to version 148.0.7778.216. Remote unauthenticated attackers (per CVSS PR:N) can trigger the write via a crafted HTML page requiring only a single user interaction - visiting a malicious site. The CVSS-scored impact is constrained to low integrity (I:L), with no confidentiality or availability impact confirmed, suggesting the write primitive is limited or difficult to weaponize for full code execution without chaining additional exploits. No public exploit identified at time of analysis and EPSS at 0.03% (11th percentile) indicates very low exploitation probability.
Cross-origin data leakage in Google Chrome's WebGL implementation on Android allows remote unauthenticated attackers to exfiltrate sensitive cross-origin content from a victim's browser session. Affected are all Chrome for Android releases prior to 148.0.7778.216. Exploitation requires the victim to visit a crafted HTML page, but no prior privileges or authentication are needed on the attacker's side. No public exploit identified at time of analysis and EPSS remains at 0.03%, indicating low automated or widespread exploitation pressure.
Remote code execution in Google Chrome for Windows prior to 148.0.7778.216 stems from an out-of-bounds read in the ANGLE graphics abstraction layer, enabling attackers who lure a user to a malicious page to execute arbitrary code in the renderer context. Chromium rates the severity High and CVSS scores it 8.8 due to network reach and high impact across confidentiality, integrity, and availability, though successful exploitation requires user interaction (visiting the crafted page). No public exploit has been identified at time of analysis, but ANGLE bugs have historically been chained into browser sandbox escapes.
Remote code execution in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows attackers to run arbitrary code inside the browser sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) reported internally by the Chrome team and rated High by Chromium; no public exploit identified at time of analysis, though Chrome UAF bugs in ANGLE are historically attractive targets and pair well with sandbox escapes.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 leverages a heap buffer overflow in the ANGLE graphics translation layer, enabling attackers who have already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. Chromium rates the severity as High and CVSS scores it at 8.3, though EPSS remains very low at 0.03% and no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers, who have already compromised the renderer process, to break out of the browser sandbox via a use-after-free flaw in the ANGLE graphics translation layer. Exploitation requires user interaction (visiting a crafted HTML page) and a prior renderer compromise, making this a second-stage primitive in a chained attack. EPSS is low at 0.03% and there is no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as High.
Sandbox escape in Google Chrome on Windows before 148.0.7778.216 lets a remote attacker who has already compromised the renderer process break out of the Chrome sandbox via a crafted HTML page that triggers a heap buffer overflow in ANGLE. The flaw carries CVSS 8.3 (High) and is rated Chromium-severity High, but EPSS is only 0.03% and there is no public exploit identified at time of analysis. Patched in the Stable channel update announced by Google on the Chrome Releases blog.
Heap corruption in Google Chrome's Skia graphics library affects all versions prior to 148.0.7778.216 and can be triggered by a remote attacker hosting a crafted HTML page. Successful exploitation requires user interaction (visiting the page) but yields high confidentiality, integrity, and availability impact within the renderer context. No public exploit is identified at time of analysis and EPSS is very low (0.03%), though Chromium rates the severity as High and a vendor patch is available.
Renderer-to-browser sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 enables remote code execution via a use-after-free in the GPU process. An attacker who has already compromised the renderer can leverage a crafted HTML page to corrupt GPU process memory and execute arbitrary code outside the renderer sandbox. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Chromium rates the underlying severity as High.
Cross-origin information disclosure in Google Chrome for Android allows a remote attacker to leak sensitive cross-origin data by luring a victim to a crafted HTML page that exploits uninitialized memory in the WebGL implementation. Affected are all Chrome for Android releases prior to 148.0.7778.216. No public exploit code exists and no active exploitation has been confirmed (not in CISA KEV), with EPSS at 0.03% (10th percentile) reflecting minimal current exploitation activity.
Cross-origin data disclosure in Google Chrome on Android (prior to 148.0.7778.216) stems from uninitialized GPU memory that a renderer-compromised attacker can read via a crafted HTML page. This is a second-stage, chained vulnerability - exploitation requires that the renderer process has already been compromised through a separate, unspecified vector. CVSS rates this Low (3.1) consistent with the constrained impact (C:L only) and high attack complexity; EPSS of 0.03% (11th percentile) confirms no public exploit identified at time of analysis.
Cross-origin data leakage in Google Chrome on Android (prior to 148.0.7778.216) via an out-of-bounds read in the WebGL rendering engine allows remote attackers to exfiltrate memory contents when a victim visits a crafted HTML page. The CVSS score of 4.3 (Medium) reflects a network-reachable, low-complexity attack requiring no privileges but dependent on user interaction, with confidentiality impact limited to partial disclosure. No public exploit code or CISA KEV listing has been identified at time of analysis, and an EPSS score of 0.03% (10th percentile) corroborates low active exploitation likelihood; however, the platform-specific scope (Android Chrome) and cross-origin data exposure potential make this relevant for organizations with mobile browser threat models.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page that triggers an inappropriate implementation flaw in the Tint graphics component. The issue carries a CVSS 9.6 (scope-changed) rating reflecting cross-boundary impact, requires user interaction (visiting a malicious page), and is rated High severity by Chromium; there is no public exploit identified at time of analysis and EPSS is low at 0.03%.
Uninitialized memory exposure in the WebGL subsystem of Google Chrome on Android prior to 148.0.7778.216 allows unauthenticated remote attackers to read potentially sensitive data from browser process memory. Exploitation requires the victim to visit a specially crafted HTML page, placing this in the drive-by/social-engineering threat category rather than fully automated attacks. No public exploit code identified at time of analysis, and EPSS of 0.03% (10th percentile) reflects minimal current exploitation pressure despite the High CVSS confidentiality impact.
Out-of-bounds write in the ANGLE graphics translation layer in Google Chrome before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to potentially escape the Chrome sandbox via a crafted HTML page. The flaw is rated High severity by Chromium and chained exploitation could lead to code execution outside the renderer sandbox, though no public exploit identified at time of analysis and EPSS estimates only a 0.03% near-term exploitation probability.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High by Chromium with CVSS 8.3 (scope-changed) and CWE-122 heap buffer overflow; no public exploit identified at time of analysis and EPSS is very low (0.03%), but the vulnerability is in the second-stage chain typically combined with a renderer RCE.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting insufficient input validation in the ANGLE graphics layer. The flaw carries a CVSS 8.3 (High) rating with scope change and full CIA impact, but EPSS is very low at 0.05% (15th percentile) and there is no public exploit identified at time of analysis. Chrome's security team rated this High severity and a patched stable channel build is available.
Out-of-bounds read in Google Chrome's ANGLE graphics abstraction layer (versions prior to 148.0.7778.216) allows remote unauthenticated attackers to potentially read limited memory contents from within the browser's process space when a user visits a crafted HTML page. The flaw originates from an inappropriate implementation within ANGLE's rendering pipeline - Chrome's cross-platform graphics engine - resulting in a CWE-125 out-of-bounds read condition with limited confidentiality impact (C:L) and no integrity or availability consequences. No public exploit code has been identified at time of analysis, and EPSS scores this at 0.03% (11th percentile), indicating very low real-world exploitation probability.
GPU memory disclosure in Google Chrome on Android (versions prior to 148.0.7778.216) exposes potentially sensitive process memory to unauthenticated remote attackers via crafted HTML pages. The root cause is an inappropriate implementation within Chrome's GPU subsystem on Android, classified as CWE-200, which permits out-of-bounds or unauthorized memory reads during rendering operations. No public exploit code exists and no active exploitation is confirmed; EPSS probability sits at a low 0.03%, though the Android-only scope and requirement for user interaction are the primary limiting factors rather than intrinsic exploitation difficulty.
Out-of-bounds memory read via integer overflow in Chrome's ANGLE graphics layer exposes limited memory contents to remote attackers who can lure victims to a malicious page. Affected are all Google Chrome versions prior to 148.0.7778.216 on desktop platforms. The vulnerability carries a CVSS score of 4.3 (Medium) with a confidentiality-only impact; no public exploit code exists and no active exploitation has been confirmed, with EPSS at 0.03% (11th percentile), placing real-world risk at low-to-moderate despite the network-accessible attack vector.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from an out-of-bounds memory access in the ANGLE graphics translation layer that lets a remote attacker run arbitrary code inside the renderer sandbox via a crafted HTML page. Chromium rates the issue High severity and a vendor patch is available, though no public exploit identified at time of analysis and the EPSS score of 0.04% (12th percentile) indicates very low observed exploitation likelihood at this time.
Sandboxed arbitrary code execution in Google Chrome (Skia graphics library) prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to execute additional code inside the Chrome sandbox via a crafted HTML page. The flaw is an integer overflow rated High by Chromium's security team with a CVSS of 7.5, but EPSS is very low (0.04%, 12th percentile) and there is no public exploit identified at time of analysis. Exploitation requires user interaction (visiting a page) and a pre-existing renderer compromise, so this is a chain component rather than a standalone RCE.
Out-of-bounds read in Chrome's ANGLE graphics layer exposes process memory contents to unauthenticated remote attackers who can lure a user to a crafted HTML page. All Google Chrome desktop versions prior to 148.0.7778.216 are affected, with the vulnerability carrying a CVSS 6.5 and exclusively a confidentiality impact - no integrity or availability loss. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% (11th percentile) reflects low current exploitation activity, consistent with a typical Chrome graphics-component disclosure ahead of a stable channel patch.
Cross-origin data leakage in Google Chrome's Dawn WebGPU implementation on Windows affects all versions prior to 148.0.7778.216. The out-of-bounds read (CWE-125) in the Dawn graphics layer allows remote unauthenticated attackers to exfiltrate cross-origin data by enticing a user to visit a crafted HTML page, exploiting improper buffer boundary enforcement during GPU operations. No public exploit code or CISA KEV listing exists at time of analysis; EPSS at 0.03% (11th percentile) indicates very low automated exploitation likelihood, consistent with the moderate CVSS 4.3 score and required user interaction.
Sandbox escape in Google Chrome before 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox through an out-of-bounds write in the GPU process triggered by a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, but no public exploit has been identified at time of analysis and EPSS exploitation probability is low at 0.03% (11th percentile).
Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Accessibility component. Chromium rates the severity as High and a vendor patch is available, but no public exploit has been identified at time of analysis and EPSS exploitation probability remains very low at 0.03%.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the ANGLE graphics translation layer, triggered when a victim visits a crafted HTML page. Remote attackers can potentially break out of Chrome's renderer sandbox to gain broader access on the host system. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.03% (11th percentile), though the Chromium team rated severity as High.
Site Isolation bypass in Google Chrome prior to 148.0.7778.216 enables a remote attacker - who has already compromised the renderer process - to escape cross-origin protections by delivering a crafted MHTML page. Rooted in CWE-20 (Improper Input Validation) within Chrome's Site Isolation subsystem, successful exploitation yields limited confidentiality, integrity, and availability impact across cross-origin content boundaries. No public exploit code has been identified and no CISA KEV listing exists; EPSS sits at 0.02% (6th percentile), consistent with a constrained, multi-prerequisite attack chain rather than widespread opportunistic exploitation.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a use-after-free in the Accessibility component. Chromium rates the issue High severity and a vendor patch is available, though no public exploit identified at time of analysis and EPSS exploitation probability is currently low (0.03%, 11th percentile).
Sandbox escape and arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the ANGLE graphics translation layer. An attacker who has already compromised the renderer process can leverage a crafted HTML page to break memory safety and execute code in a higher-privileged context. No public exploit identified at time of analysis, though Chromium rates the underlying severity as High.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. Rated High severity by Chromium with a CVSS of 8.3, the issue is patched but no public exploit has been identified at time of analysis, and EPSS exploitation probability is low (0.03%, 11th percentile).
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High severity by Chromium with a CVSS score of 8.3, but EPSS exploitation probability is currently very low at 0.03% and no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers insufficient input validation in the GPU component. Chromium rates the severity High and CVSS scores it 8.3, but EPSS exploitation probability is very low (0.05%, 15th percentile) and there is no public exploit identified at time of analysis.
Remote code execution in Google Chrome prior to 148.0.7778.216 enables a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page that triggers a use-after-free in the DOM implementation. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and Google has rated the Chromium severity as High; no public exploit is identified at the time of analysis and the issue is not listed in CISA KEV.
Remote code execution in Google Chrome's V8 JavaScript engine prior to version 148.0.7778.216 allows remote attackers to execute arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page. The flaw is a CWE-787 out-of-bounds write in V8 carrying a CVSS 8.8 (High) with Chromium severity rated High; no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an out-of-bounds read in the GPU process triggered by a crafted HTML page. Google rates the underlying issue as High severity, and while a vendor patch is shipped, EPSS shows only 0.03% (11th percentile) exploitation probability and no public exploit code or active exploitation has been identified at the time of analysis.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a use-after-free in the GPU process. Chrome rates the underlying memory corruption as High severity, and while no public exploit identified at time of analysis, the bug is part of a chained-exploit class historically weaponized against browsers. EPSS is very low (0.03%) reflecting the prerequisite of an already-compromised renderer rather than a direct one-shot RCE.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page that triggers a use-after-free in the Skia graphics library. Google rated this Critical internally, though no public exploit identified at time of analysis and EPSS scores exploitation probability at just 0.03% (11th percentile). The flaw requires chaining with a separate renderer compromise, so it is a second-stage primitive rather than a single-shot RCE.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting an inappropriate implementation in the Skia graphics library. Chromium rates the underlying issue as Critical severity, though no public exploit is identified at time of analysis and EPSS is very low at 0.03%. This is a chain-stage bug - exploitation requires a pre-existing renderer compromise, making it valuable as the second link in a full Android browser exploit chain rather than a standalone vector.
Sandbox escape in Google Chrome before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted Chrome Extension exploiting a use-after-free in the Extensions component. Chromium rates the underlying flaw as Critical severity, though no public exploit has been identified at time of analysis and EPSS exploitation probability sits at 0.03% (11th percentile).
Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page targeting the XR (WebXR) component. The flaw is a use-after-free rated Critical by Chromium and CVSS 8.3 (AV:N/AC:H/PR:N/UI:R/S:C); no public exploit identified at time of analysis and EPSS is low at 0.03%, but the bug forms a key link in a multi-stage browser exploit chain.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker to break out of the renderer sandbox by serving a crafted HTML page that triggers an out-of-bounds read and write in the Dawn WebGPU implementation. Chromium rates the underlying issue as Critical severity, and CVSS 8.3 with scope change reflects the cross-boundary impact, though EPSS is low at 0.03% and no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome for Android versions prior to 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free flaw in the WebView component. Chromium rates the severity as Critical, and a vendor patch is available; no public exploit identified at time of analysis and EPSS is very low (0.03%, 10th percentile), but the chained-exploit potential against mobile users makes prompt patching important.
Remote code execution in Google Chrome prior to 148.0.7778.216 allows attackers to exploit a use-after-free condition in the Proxy component via a malicious PAC (Proxy Auto-Config) script delivered through a crafted web page. Chromium rates this as Critical severity, and while no public exploit identified at time of analysis, the EPSS score of 0.04% reflects low predicted exploitation activity despite the high CVSS 8.8 rating. Successful exploitation requires user interaction (UI:R) such as visiting an attacker-controlled page that triggers the vulnerable PAC processing path.
Sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 allows a remote attacker to break out of the renderer sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the Base component. Chromium rates the severity Critical and CVSS scores it 9.6, though no public exploit is identified at time of analysis and EPSS exploitation probability is currently very low (0.03%).
Sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses insufficient UI input validation. Chromium rates the underlying issue Critical, though current intelligence shows no public exploit identified at time of analysis and a very low EPSS score (0.05%, 15th percentile), indicating the bug is patched before broad weaponization. Exploitation requires chaining with a separate renderer compromise and user interaction, raising the practical bar despite the high CVSS of 8.3.
Remote code execution in Google Chrome on macOS prior to version 148.0.7778.216 allows attackers to exploit a use-after-free flaw in the Browser component via a malicious HTML page. Rated Critical by Chromium's security team with a CVSS of 8.8, exploitation requires user interaction (visiting a crafted page) but no authentication, and no public exploit identified at time of analysis. A vendor patch is available through the Chrome stable channel update.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code via a crafted HTML page exploiting a use-after-free flaw in the Base component. Chromium classifies the severity as Critical, and Google has shipped a stable channel update; no public exploit has been identified at time of analysis. Exploitation requires user interaction (visiting a malicious page), which is the typical drive-by browser attack model.
Cross-origin data leakage in Google Chrome's ANGLE graphics layer (prior to 148.0.7778.216) allows unauthenticated remote attackers to read sensitive cross-origin information by luring a victim to a crafted HTML page. The root cause is an integer overflow in ANGLE, Chrome's graphics translation engine, which is internally rated Critical by the Chrome security team despite a CVSS score of only 4.3. No public exploit has been identified at time of analysis, and the EPSS exploitation probability is very low at 0.03% (11th percentile), though the cross-origin data leakage class of vulnerability has historically attracted targeted exploitation in browser ecosystems.
Sandbox escape in Google Chrome on macOS versions prior to 148.0.7778.216 allows attackers to break out of the browser's renderer sandbox via a use-after-free flaw in the Bluetooth component. Exploitation requires convincing a user to install a malicious Chrome Extension, which then triggers the bug through crafted extension interactions. Chromium rates this Critical severity; no public exploit identified at time of analysis and EPSS remains low (0.01%) despite the high CVSS of 9.0.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses insufficient input validation in WebGL. Chromium rates the underlying severity as Critical, and while no public exploit is identified at time of analysis, the EPSS score is low (0.04%, 14th percentile) and the CVSS:3.1 base is 8.3 due to high attack complexity and required user interaction. The flaw is part of a multi-stage exploit chain rather than a one-shot RCE.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from an out-of-bounds write in the ANGLE graphics translation layer, allowing a remote attacker to execute arbitrary code in the browser's renderer context after a victim visits a crafted HTML page. Chromium rates this severity Critical and CVSS scores it 8.8, with vendor patches released via the Stable channel update; no public exploit identified at time of analysis.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in ANGLE, the graphics abstraction layer that translates OpenGL ES calls to native GPU APIs. A remote attacker who lures a user into visiting a crafted HTML page can execute arbitrary code within the renderer sandbox, with Chromium rating the severity as Critical. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a use-after-free flaw in the ANGLE graphics translation layer. Exploitation requires user interaction with a crafted HTML page and is typically chained with a separate renderer-compromise bug. No public exploit identified at time of analysis, and EPSS is very low (0.03%), though Google rated the underlying issue Critical severity.
Sandbox escape in Google Chrome for Android prior to 148.0.7778.216 allows a remote attacker who lures a user to a crafted HTML page to break out of the renderer sandbox by exploiting a use-after-free condition in the WebGL component. Chromium rates the issue Critical and CVSS scores it 9.6 due to the scope change from compromised renderer to host, though EPSS is only 0.03% (10th percentile) and no public exploit identified at time of analysis.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows remote attackers to potentially break out of the renderer sandbox via an out-of-bounds read in the WebGL component when a victim visits a crafted HTML page. Chromium rates the underlying issue as Critical severity, and while no public exploit is identified at time of analysis (EPSS 0.03%), the combination of scope-change (S:C) and full CIA impact makes this a high-priority browser patch for Android fleets.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to exploit a use-after-free condition in the Dawn WebGPU implementation through a crafted HTML page, leading to potential escape from the browser's renderer sandbox. The flaw carries a CVSS 9.6 with scope change reflecting cross-boundary impact, and while no public exploit identified at time of analysis, Google's own classification of the underlying Chromium severity as Critical signals significant risk to end users. EPSS is currently low (0.03%, 11th percentile), suggesting no widespread exploitation has been observed yet despite the severity.
Remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by serving a crafted HTML page that triggers a use-after-free condition in the Network component. Google rates the underlying Chromium issue as Critical severity, and no public exploit identified at time of analysis, though the bug class and reachable attack surface make it a high-priority browser patch.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows remote attackers to corrupt GPU process memory via a crafted HTML page, breaking out of the renderer sandbox boundary. Chromium rates this Critical severity with a CVSS of 9.6 due to scope change, though EPSS remains low at 0.03% and no public exploit identified at time of analysis.
Authentication bypass in SpSoft AppLock 7.9.40 for Android allows a local attacker with physical device access to circumvent fingerprint or PIN protection and access locked applications such as Chrome. The flaw stems from the app's reliance on a custom UI overlay rather than enforcing authentication at a deeper system level - cascading interface navigation triggered via advertisement or browser intents exposes routes that allow the attacker to exit the lock screen without re-authenticating. No public exploitation (CISA KEV) has been confirmed, but a researcher-published proof-of-concept exists on GitHub, and EPSS is low at 0.04% (11th percentile), consistent with the physical-access requirement limiting opportunistic exploitation.
SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config permission inject arbitrary SQL through the custom-report column-config endpoint, which concatenates user-supplied 'sql', 'from', and 'where' fields directly into a query executed via Doctrine's fetchAssociative(). Because the controller returns raw database error messages in its JSON response, attackers can perform error-based extraction (e.g. EXTRACTVALUE) to read credentials and arbitrary tables, and can bypass the keyword denylist using inline /**/ comments to reach UPDATE/INSERT/DELETE - compromising confidentiality and integrity. Publicly available exploit code exists (a full PoC is published in the GitHub advisory); no CISA KEV listing or EPSS score is present in the provided data.
Cross-origin data leakage in Google Chrome's WebRTC component on Windows exposes limited confidential data to remote attackers via a race condition in all Chrome versions prior to 148.0.7778.216. An unauthenticated remote attacker (PR:N) can exploit this by luring a victim to a crafted HTML page, exploiting a timing window in WebRTC's concurrent execution to read cross-origin data. No public exploit has been identified at time of analysis and EPSS stands at 0.03% (9th percentile), indicating very low real-world exploitation pressure despite Chrome's internal 'High' severity classification.
Heap corruption in Google Chrome's PDFium component before version 148.0.7778.216 lets a remote attacker trigger a use-after-free condition by serving a crafted PDF, opening the door to code execution within the renderer process. The flaw carries a CVSS 8.8 (High) rating and requires user interaction (UI:R) to open or render the malicious document. EPSS is currently very low (0.03%, 11th percentile) and no public exploit has been identified at time of analysis, though Chrome PDFium UAFs have a long history of weaponization in browser exploit chains.
Sandboxed arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the PDF component that remote attackers can trigger by serving a crafted PDF file. The flaw carries a CVSS 8.8 rating reflecting network reach with required user interaction (opening or rendering a malicious PDF), and no public exploit identified at time of analysis though Google rates the underlying Chromium severity as High.
Remote code execution in Google Chrome on iOS prior to 148.0.7778.216 allows attackers to exploit a use-after-free memory corruption flaw when a victim is lured to a malicious HTML page and performs specific UI gestures. The issue carries a CVSS 7.5 (High) score with high attack complexity and required user interaction, and no public exploit has been identified at time of analysis.
Cross-origin data leakage in Google Chrome on iOS prior to 148.0.7778.216 exposes sensitive information from cross-origin resources to remote attackers via a crafted HTML page. The flaw is confined to Chrome's iOS-specific implementation (distinct from Chrome on Android, Windows, or macOS), meaning the affected population is limited to iOS users running unpatched Chrome builds. With a CVSS score of 4.3 (Medium), no CISA KEV listing, and an EPSS of 0.03% (11th percentile), no public exploit identified at time of analysis, this is a real but lower-priority disclosure issue - though the zero-privilege-required network vector merits timely patching.
Heap corruption in Google Chrome's TabStrip component before version 148.0.7778.216 allows remote attackers to potentially achieve code execution by serving a crafted HTML page and inducing the victim to perform specific UI gestures. Chromium rates the issue High severity, but EPSS places exploitation probability at just 0.03% (11th percentile) and no public exploit identified at time of analysis, reflecting the high attack complexity and required user interaction.
Out-of-bounds read in Chrome's ANGLE graphics layer exposes process memory to remote attackers who can deliver a crafted HTML page to a victim. Unauthenticated (PR:N) remote exploitation is confirmed by the CVSS vector, though user interaction is required - the victim must open a malicious page. Confidentiality impact is rated High (C:H) with no integrity or availability consequence, making this a targeted information-disclosure primitive rather than a code-execution path. No public exploit or CISA KEV listing exists at time of analysis, and the EPSS score of 0.03% (11th percentile) reflects low observed exploitation pressure.
Remote code execution in Google Chrome's WebAudio component (versions prior to 148.0.7778.216) allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium, with a CVSS score of 8.8 reflecting low attack complexity and no authentication required, though user interaction (visiting a page) is needed. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers to break out of the renderer process sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free condition in the UI component. Chromium rates the severity as High, and a vendor patch is available; no public exploit identified at time of analysis and EPSS exploitation probability is currently very low (0.03%, 11th percentile).
Same-origin policy bypass in Google Chrome for iOS (all versions prior to 148.0.7778.216) allows an attacker who has already achieved renderer process compromise to cross browser origin boundaries via a crafted HTML page, potentially exposing restricted cross-origin content. The root cause is insufficient validation of untrusted input (CWE-20) in iOS-specific Chrome code, a platform-divergent codepath not present in desktop Chrome. No public exploit has been identified and no CISA KEV listing exists; however, Chromium's internal 'High' severity rating contrasts with the NVD CVSS score of 3.1, reflecting that the renderer pre-compromise prerequisite substantially constrains standalone exploitability while the SOP bypass itself carries serious chaining potential.
Sandbox escape in Google Chrome on Windows before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page leveraging a use-after-free in Core. The flaw is rated High by Chromium and carries CVSS 8.3, but EPSS is very low (0.03%) and no public exploit identified at time of analysis, so it is most relevant as the second stage of a multi-bug exploit chain rather than a standalone entry vector.
Sandbox escape in Google Chrome on macOS before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Views UI component. The flaw is rated High severity by Chromium and carries a CVSS 8.3 due to scope change, but EPSS is only 0.03% and there is no public exploit identified at time of analysis. Exploitation is realistic only as the second stage of a chained renderer compromise rather than a standalone drive-by attack.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the browser's XML handling component, allowing a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. Chromium rates the severity as High with a CVSS 3.1 score of 8.8, and exploitation requires user interaction such as visiting a malicious site. No public exploit identified at time of analysis, but use-after-free flaws in Chrome's XML parsing have historically been chained with sandbox escapes for full system compromise.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the ANGLE graphics translation layer that lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. Google rates this High severity and a vendor patch is available, but EPSS scoring (0.03%, 11th percentile) is low and no public exploit identified at time of analysis, suggesting it has not yet been weaponized broadly.
Remote code execution in Google Chrome on Windows prior to version 148.0.7778.216 allows attackers to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a use-after-free condition in the Media component. Rated High severity by Chromium with a CVSS 8.8 score, the flaw requires user interaction (visiting a malicious page) but no authentication, and no public exploit identified at time of analysis.
Uninitialized use (CWE-457) in ANGLE, Chrome's graphics abstraction layer, exposes cross-origin data to attackers who have already compromised the renderer process in Google Chrome prior to 148.0.7778.216. Exploitation requires delivering a crafted HTML page to a victim who interacts with it, making this a post-compromise data exfiltration primitive rather than an initial access vector. The CVSS score of 3.1 and EPSS of 0.03% (11th percentile) are consistent with the constrained prerequisites; no public exploit code exists and no active exploitation has been confirmed.
Cross-origin data leakage in Google Chrome's WebGL implementation on Android affects all Chrome versions prior to 148.0.7778.216. The WebGL graphics subsystem performs an out-of-bounds read (CWE-125) when processing attacker-controlled content, exposing adjacent memory contents across origin boundaries to the initiating page. Remote unauthenticated attackers can trigger this condition by serving a crafted HTML page, but victim interaction is required - the user must visit the malicious page. No active exploitation is confirmed (not listed in CISA KEV), and EPSS of 0.03% (10th percentile) indicates low exploitation probability at time of analysis.
Uninitialized memory use in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome versions prior to 148.0.7778.216 enables a remote attacker - who has already achieved renderer process compromise - to bypass site isolation via a specially crafted HTML page. This is a chained exploitation scenario: the vulnerability is not standalone, but serves as a second-stage primitive to break Chrome's cross-origin security boundary once an initial renderer foothold exists. No public exploit code has been identified at time of analysis, and the EPSS score of 0.01% (3rd percentile) reflects minimal observed exploitation activity.
Remote code execution in Google Chrome (ANGLE component) prior to version 148.0.7778.216 allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) rated High severity by Chromium and CVSS 8.8, requiring only that a victim visit a malicious page. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.
Heap corruption in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows remote attackers to potentially achieve code execution within the renderer process when a victim visits a crafted HTML page. Google rated the issue High severity and has shipped a stable-channel fix; no public exploit identified at time of analysis and EPSS is currently 0.03% (10th percentile), indicating low observed exploitation interest despite the strong technical impact.
Remote code execution in Google Chrome prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by tricking a user into visiting a crafted HTML page that triggers a heap buffer overflow in the WebCodecs component. Chromium rates this severity High and a vendor patch is available, though EPSS exploitation probability is currently very low (0.03%, 9th percentile) and there is no public exploit identified at time of analysis.
Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The Chromium project rates the severity as High and CVSS scores it 8.8 (network-reachable, low complexity, no privileges, user interaction required). No public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), suggesting limited near-term mass-exploitation likelihood despite the high impact rating.
Sandbox escape in Google Chrome on Windows versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free flaw in the UI component, triggered by a crafted HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).
Sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the GPU/GFX sandbox via a crafted HTML page, leveraging a use-after-free condition. The flaw is rated High severity by Chromium (CVSS 8.3) and requires user interaction plus a chained renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%).
Cross-origin data leakage in Google Chrome's ANGLE graphics layer affects all versions prior to 148.0.7778.216, enabling remote unauthenticated attackers (PR:N) to read cross-process memory contents via a crafted HTML page. The root cause is an uninitialized variable (CWE-457) in ANGLE - Chrome's OpenGL ES abstraction layer - where stale memory contents can be read and exfiltrated across security origins. No public exploit code has been identified at time of analysis and the EPSS score of 0.03% (11th percentile) indicates very low current exploitation probability; however, the low attack complexity (AC:L) and zero privilege requirement make opportunistic targeting feasible once exploitation techniques mature.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the Aura UI framework component. A remote attacker who lures a user to a malicious HTML page and convinces them to perform specific UI gestures can execute arbitrary code within the browser process. No public exploit identified at time of analysis, and the CVSS 7.5 score reflects high attack complexity combined with required user interaction.
Use-after-free in the Input component of Google Chrome prior to 148.0.7778.216 allows a remote attacker to trigger heap corruption when a victim is lured to a crafted HTML page and performs specific UI gestures. Chromium rates the severity High, and while no public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), the bug class historically yields renderer RCE when chained with a sandbox escape. A vendor patch is available in the stable channel update referenced by Google.
Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the renderer sandbox via a use-after-free in the ANGLE graphics layer. Exploitation requires user interaction (visiting a crafted HTML page) and a pre-existing renderer compromise, so it functions as the second stage of an exploit chain rather than a standalone RCE. No public exploit identified at time of analysis and EPSS is very low (0.03%), but Chrome rates the underlying flaw as High severity.
Sandbox escape in Google Chrome's GPU process prior to version 148.0.7778.216 lets a remote attacker who has already gained code execution inside the renderer process break out of Chrome's sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium and carries CVSS 8.3 (AV:N/AC:H/PR:N/UI:R/S:C). EPSS is very low (0.03%), and there is no public exploit identified at time of analysis, but the bug is part of a stable-channel security release shipped by Google.
Out-of-bounds memory write in Dawn, Chrome's WebGPU implementation, affects Google Chrome on macOS prior to version 148.0.7778.216. Remote unauthenticated attackers (per CVSS PR:N) can trigger the write via a crafted HTML page requiring only a single user interaction - visiting a malicious site. The CVSS-scored impact is constrained to low integrity (I:L), with no confidentiality or availability impact confirmed, suggesting the write primitive is limited or difficult to weaponize for full code execution without chaining additional exploits. No public exploit identified at time of analysis and EPSS at 0.03% (11th percentile) indicates very low exploitation probability.
Cross-origin data leakage in Google Chrome's WebGL implementation on Android allows remote unauthenticated attackers to exfiltrate sensitive cross-origin content from a victim's browser session. Affected are all Chrome for Android releases prior to 148.0.7778.216. Exploitation requires the victim to visit a crafted HTML page, but no prior privileges or authentication are needed on the attacker's side. No public exploit identified at time of analysis and EPSS remains at 0.03%, indicating low automated or widespread exploitation pressure.
Remote code execution in Google Chrome for Windows prior to 148.0.7778.216 stems from an out-of-bounds read in the ANGLE graphics abstraction layer, enabling attackers who lure a user to a malicious page to execute arbitrary code in the renderer context. Chromium rates the severity High and CVSS scores it 8.8 due to network reach and high impact across confidentiality, integrity, and availability, though successful exploitation requires user interaction (visiting the crafted page). No public exploit has been identified at time of analysis, but ANGLE bugs have historically been chained into browser sandbox escapes.
Remote code execution in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows attackers to run arbitrary code inside the browser sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) reported internally by the Chrome team and rated High by Chromium; no public exploit identified at time of analysis, though Chrome UAF bugs in ANGLE are historically attractive targets and pair well with sandbox escapes.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 leverages a heap buffer overflow in the ANGLE graphics translation layer, enabling attackers who have already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. Chromium rates the severity as High and CVSS scores it at 8.3, though EPSS remains very low at 0.03% and no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers, who have already compromised the renderer process, to break out of the browser sandbox via a use-after-free flaw in the ANGLE graphics translation layer. Exploitation requires user interaction (visiting a crafted HTML page) and a prior renderer compromise, making this a second-stage primitive in a chained attack. EPSS is low at 0.03% and there is no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as High.
Sandbox escape in Google Chrome on Windows before 148.0.7778.216 lets a remote attacker who has already compromised the renderer process break out of the Chrome sandbox via a crafted HTML page that triggers a heap buffer overflow in ANGLE. The flaw carries CVSS 8.3 (High) and is rated Chromium-severity High, but EPSS is only 0.03% and there is no public exploit identified at time of analysis. Patched in the Stable channel update announced by Google on the Chrome Releases blog.
Heap corruption in Google Chrome's Skia graphics library affects all versions prior to 148.0.7778.216 and can be triggered by a remote attacker hosting a crafted HTML page. Successful exploitation requires user interaction (visiting the page) but yields high confidentiality, integrity, and availability impact within the renderer context. No public exploit is identified at time of analysis and EPSS is very low (0.03%), though Chromium rates the severity as High and a vendor patch is available.
Renderer-to-browser sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 enables remote code execution via a use-after-free in the GPU process. An attacker who has already compromised the renderer can leverage a crafted HTML page to corrupt GPU process memory and execute arbitrary code outside the renderer sandbox. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Chromium rates the underlying severity as High.
Cross-origin information disclosure in Google Chrome for Android allows a remote attacker to leak sensitive cross-origin data by luring a victim to a crafted HTML page that exploits uninitialized memory in the WebGL implementation. Affected are all Chrome for Android releases prior to 148.0.7778.216. No public exploit code exists and no active exploitation has been confirmed (not in CISA KEV), with EPSS at 0.03% (10th percentile) reflecting minimal current exploitation activity.
Cross-origin data disclosure in Google Chrome on Android (prior to 148.0.7778.216) stems from uninitialized GPU memory that a renderer-compromised attacker can read via a crafted HTML page. This is a second-stage, chained vulnerability - exploitation requires that the renderer process has already been compromised through a separate, unspecified vector. CVSS rates this Low (3.1) consistent with the constrained impact (C:L only) and high attack complexity; EPSS of 0.03% (11th percentile) confirms no public exploit identified at time of analysis.
Cross-origin data leakage in Google Chrome on Android (prior to 148.0.7778.216) via an out-of-bounds read in the WebGL rendering engine allows remote attackers to exfiltrate memory contents when a victim visits a crafted HTML page. The CVSS score of 4.3 (Medium) reflects a network-reachable, low-complexity attack requiring no privileges but dependent on user interaction, with confidentiality impact limited to partial disclosure. No public exploit code or CISA KEV listing has been identified at time of analysis, and an EPSS score of 0.03% (10th percentile) corroborates low active exploitation likelihood; however, the platform-specific scope (Android Chrome) and cross-origin data exposure potential make this relevant for organizations with mobile browser threat models.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page that triggers an inappropriate implementation flaw in the Tint graphics component. The issue carries a CVSS 9.6 (scope-changed) rating reflecting cross-boundary impact, requires user interaction (visiting a malicious page), and is rated High severity by Chromium; there is no public exploit identified at time of analysis and EPSS is low at 0.03%.
Uninitialized memory exposure in the WebGL subsystem of Google Chrome on Android prior to 148.0.7778.216 allows unauthenticated remote attackers to read potentially sensitive data from browser process memory. Exploitation requires the victim to visit a specially crafted HTML page, placing this in the drive-by/social-engineering threat category rather than fully automated attacks. No public exploit code identified at time of analysis, and EPSS of 0.03% (10th percentile) reflects minimal current exploitation pressure despite the High CVSS confidentiality impact.
Out-of-bounds write in the ANGLE graphics translation layer in Google Chrome before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to potentially escape the Chrome sandbox via a crafted HTML page. The flaw is rated High severity by Chromium and chained exploitation could lead to code execution outside the renderer sandbox, though no public exploit identified at time of analysis and EPSS estimates only a 0.03% near-term exploitation probability.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High by Chromium with CVSS 8.3 (scope-changed) and CWE-122 heap buffer overflow; no public exploit identified at time of analysis and EPSS is very low (0.03%), but the vulnerability is in the second-stage chain typically combined with a renderer RCE.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting insufficient input validation in the ANGLE graphics layer. The flaw carries a CVSS 8.3 (High) rating with scope change and full CIA impact, but EPSS is very low at 0.05% (15th percentile) and there is no public exploit identified at time of analysis. Chrome's security team rated this High severity and a patched stable channel build is available.
Out-of-bounds read in Google Chrome's ANGLE graphics abstraction layer (versions prior to 148.0.7778.216) allows remote unauthenticated attackers to potentially read limited memory contents from within the browser's process space when a user visits a crafted HTML page. The flaw originates from an inappropriate implementation within ANGLE's rendering pipeline - Chrome's cross-platform graphics engine - resulting in a CWE-125 out-of-bounds read condition with limited confidentiality impact (C:L) and no integrity or availability consequences. No public exploit code has been identified at time of analysis, and EPSS scores this at 0.03% (11th percentile), indicating very low real-world exploitation probability.
GPU memory disclosure in Google Chrome on Android (versions prior to 148.0.7778.216) exposes potentially sensitive process memory to unauthenticated remote attackers via crafted HTML pages. The root cause is an inappropriate implementation within Chrome's GPU subsystem on Android, classified as CWE-200, which permits out-of-bounds or unauthorized memory reads during rendering operations. No public exploit code exists and no active exploitation is confirmed; EPSS probability sits at a low 0.03%, though the Android-only scope and requirement for user interaction are the primary limiting factors rather than intrinsic exploitation difficulty.
Out-of-bounds memory read via integer overflow in Chrome's ANGLE graphics layer exposes limited memory contents to remote attackers who can lure victims to a malicious page. Affected are all Google Chrome versions prior to 148.0.7778.216 on desktop platforms. The vulnerability carries a CVSS score of 4.3 (Medium) with a confidentiality-only impact; no public exploit code exists and no active exploitation has been confirmed, with EPSS at 0.03% (11th percentile), placing real-world risk at low-to-moderate despite the network-accessible attack vector.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from an out-of-bounds memory access in the ANGLE graphics translation layer that lets a remote attacker run arbitrary code inside the renderer sandbox via a crafted HTML page. Chromium rates the issue High severity and a vendor patch is available, though no public exploit identified at time of analysis and the EPSS score of 0.04% (12th percentile) indicates very low observed exploitation likelihood at this time.
Sandboxed arbitrary code execution in Google Chrome (Skia graphics library) prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to execute additional code inside the Chrome sandbox via a crafted HTML page. The flaw is an integer overflow rated High by Chromium's security team with a CVSS of 7.5, but EPSS is very low (0.04%, 12th percentile) and there is no public exploit identified at time of analysis. Exploitation requires user interaction (visiting a page) and a pre-existing renderer compromise, so this is a chain component rather than a standalone RCE.
Out-of-bounds read in Chrome's ANGLE graphics layer exposes process memory contents to unauthenticated remote attackers who can lure a user to a crafted HTML page. All Google Chrome desktop versions prior to 148.0.7778.216 are affected, with the vulnerability carrying a CVSS 6.5 and exclusively a confidentiality impact - no integrity or availability loss. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% (11th percentile) reflects low current exploitation activity, consistent with a typical Chrome graphics-component disclosure ahead of a stable channel patch.
Cross-origin data leakage in Google Chrome's Dawn WebGPU implementation on Windows affects all versions prior to 148.0.7778.216. The out-of-bounds read (CWE-125) in the Dawn graphics layer allows remote unauthenticated attackers to exfiltrate cross-origin data by enticing a user to visit a crafted HTML page, exploiting improper buffer boundary enforcement during GPU operations. No public exploit code or CISA KEV listing exists at time of analysis; EPSS at 0.03% (11th percentile) indicates very low automated exploitation likelihood, consistent with the moderate CVSS 4.3 score and required user interaction.
Sandbox escape in Google Chrome before 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox through an out-of-bounds write in the GPU process triggered by a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, but no public exploit has been identified at time of analysis and EPSS exploitation probability is low at 0.03% (11th percentile).
Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Accessibility component. Chromium rates the severity as High and a vendor patch is available, but no public exploit has been identified at time of analysis and EPSS exploitation probability remains very low at 0.03%.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the ANGLE graphics translation layer, triggered when a victim visits a crafted HTML page. Remote attackers can potentially break out of Chrome's renderer sandbox to gain broader access on the host system. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.03% (11th percentile), though the Chromium team rated severity as High.
Site Isolation bypass in Google Chrome prior to 148.0.7778.216 enables a remote attacker - who has already compromised the renderer process - to escape cross-origin protections by delivering a crafted MHTML page. Rooted in CWE-20 (Improper Input Validation) within Chrome's Site Isolation subsystem, successful exploitation yields limited confidentiality, integrity, and availability impact across cross-origin content boundaries. No public exploit code has been identified and no CISA KEV listing exists; EPSS sits at 0.02% (6th percentile), consistent with a constrained, multi-prerequisite attack chain rather than widespread opportunistic exploitation.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a use-after-free in the Accessibility component. Chromium rates the issue High severity and a vendor patch is available, though no public exploit identified at time of analysis and EPSS exploitation probability is currently low (0.03%, 11th percentile).
Sandbox escape and arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the ANGLE graphics translation layer. An attacker who has already compromised the renderer process can leverage a crafted HTML page to break memory safety and execute code in a higher-privileged context. No public exploit identified at time of analysis, though Chromium rates the underlying severity as High.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. Rated High severity by Chromium with a CVSS of 8.3, the issue is patched but no public exploit has been identified at time of analysis, and EPSS exploitation probability is low (0.03%, 11th percentile).
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High severity by Chromium with a CVSS score of 8.3, but EPSS exploitation probability is currently very low at 0.03% and no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers insufficient input validation in the GPU component. Chromium rates the severity High and CVSS scores it 8.3, but EPSS exploitation probability is very low (0.05%, 15th percentile) and there is no public exploit identified at time of analysis.
Remote code execution in Google Chrome prior to 148.0.7778.216 enables a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page that triggers a use-after-free in the DOM implementation. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and Google has rated the Chromium severity as High; no public exploit is identified at the time of analysis and the issue is not listed in CISA KEV.
Remote code execution in Google Chrome's V8 JavaScript engine prior to version 148.0.7778.216 allows remote attackers to execute arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page. The flaw is a CWE-787 out-of-bounds write in V8 carrying a CVSS 8.8 (High) with Chromium severity rated High; no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an out-of-bounds read in the GPU process triggered by a crafted HTML page. Google rates the underlying issue as High severity, and while a vendor patch is shipped, EPSS shows only 0.03% (11th percentile) exploitation probability and no public exploit code or active exploitation has been identified at the time of analysis.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a use-after-free in the GPU process. Chrome rates the underlying memory corruption as High severity, and while no public exploit identified at time of analysis, the bug is part of a chained-exploit class historically weaponized against browsers. EPSS is very low (0.03%) reflecting the prerequisite of an already-compromised renderer rather than a direct one-shot RCE.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page that triggers a use-after-free in the Skia graphics library. Google rated this Critical internally, though no public exploit identified at time of analysis and EPSS scores exploitation probability at just 0.03% (11th percentile). The flaw requires chaining with a separate renderer compromise, so it is a second-stage primitive rather than a single-shot RCE.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting an inappropriate implementation in the Skia graphics library. Chromium rates the underlying issue as Critical severity, though no public exploit is identified at time of analysis and EPSS is very low at 0.03%. This is a chain-stage bug - exploitation requires a pre-existing renderer compromise, making it valuable as the second link in a full Android browser exploit chain rather than a standalone vector.
Sandbox escape in Google Chrome before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted Chrome Extension exploiting a use-after-free in the Extensions component. Chromium rates the underlying flaw as Critical severity, though no public exploit has been identified at time of analysis and EPSS exploitation probability sits at 0.03% (11th percentile).
Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page targeting the XR (WebXR) component. The flaw is a use-after-free rated Critical by Chromium and CVSS 8.3 (AV:N/AC:H/PR:N/UI:R/S:C); no public exploit identified at time of analysis and EPSS is low at 0.03%, but the bug forms a key link in a multi-stage browser exploit chain.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker to break out of the renderer sandbox by serving a crafted HTML page that triggers an out-of-bounds read and write in the Dawn WebGPU implementation. Chromium rates the underlying issue as Critical severity, and CVSS 8.3 with scope change reflects the cross-boundary impact, though EPSS is low at 0.03% and no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome for Android versions prior to 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free flaw in the WebView component. Chromium rates the severity as Critical, and a vendor patch is available; no public exploit identified at time of analysis and EPSS is very low (0.03%, 10th percentile), but the chained-exploit potential against mobile users makes prompt patching important.
Remote code execution in Google Chrome prior to 148.0.7778.216 allows attackers to exploit a use-after-free condition in the Proxy component via a malicious PAC (Proxy Auto-Config) script delivered through a crafted web page. Chromium rates this as Critical severity, and while no public exploit identified at time of analysis, the EPSS score of 0.04% reflects low predicted exploitation activity despite the high CVSS 8.8 rating. Successful exploitation requires user interaction (UI:R) such as visiting an attacker-controlled page that triggers the vulnerable PAC processing path.
Sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 allows a remote attacker to break out of the renderer sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the Base component. Chromium rates the severity Critical and CVSS scores it 9.6, though no public exploit is identified at time of analysis and EPSS exploitation probability is currently very low (0.03%).
Sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses insufficient UI input validation. Chromium rates the underlying issue Critical, though current intelligence shows no public exploit identified at time of analysis and a very low EPSS score (0.05%, 15th percentile), indicating the bug is patched before broad weaponization. Exploitation requires chaining with a separate renderer compromise and user interaction, raising the practical bar despite the high CVSS of 8.3.
Remote code execution in Google Chrome on macOS prior to version 148.0.7778.216 allows attackers to exploit a use-after-free flaw in the Browser component via a malicious HTML page. Rated Critical by Chromium's security team with a CVSS of 8.8, exploitation requires user interaction (visiting a crafted page) but no authentication, and no public exploit identified at time of analysis. A vendor patch is available through the Chrome stable channel update.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code via a crafted HTML page exploiting a use-after-free flaw in the Base component. Chromium classifies the severity as Critical, and Google has shipped a stable channel update; no public exploit has been identified at time of analysis. Exploitation requires user interaction (visiting a malicious page), which is the typical drive-by browser attack model.
Cross-origin data leakage in Google Chrome's ANGLE graphics layer (prior to 148.0.7778.216) allows unauthenticated remote attackers to read sensitive cross-origin information by luring a victim to a crafted HTML page. The root cause is an integer overflow in ANGLE, Chrome's graphics translation engine, which is internally rated Critical by the Chrome security team despite a CVSS score of only 4.3. No public exploit has been identified at time of analysis, and the EPSS exploitation probability is very low at 0.03% (11th percentile), though the cross-origin data leakage class of vulnerability has historically attracted targeted exploitation in browser ecosystems.
Sandbox escape in Google Chrome on macOS versions prior to 148.0.7778.216 allows attackers to break out of the browser's renderer sandbox via a use-after-free flaw in the Bluetooth component. Exploitation requires convincing a user to install a malicious Chrome Extension, which then triggers the bug through crafted extension interactions. Chromium rates this Critical severity; no public exploit identified at time of analysis and EPSS remains low (0.01%) despite the high CVSS of 9.0.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses insufficient input validation in WebGL. Chromium rates the underlying severity as Critical, and while no public exploit is identified at time of analysis, the EPSS score is low (0.04%, 14th percentile) and the CVSS:3.1 base is 8.3 due to high attack complexity and required user interaction. The flaw is part of a multi-stage exploit chain rather than a one-shot RCE.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from an out-of-bounds write in the ANGLE graphics translation layer, allowing a remote attacker to execute arbitrary code in the browser's renderer context after a victim visits a crafted HTML page. Chromium rates this severity Critical and CVSS scores it 8.8, with vendor patches released via the Stable channel update; no public exploit identified at time of analysis.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in ANGLE, the graphics abstraction layer that translates OpenGL ES calls to native GPU APIs. A remote attacker who lures a user into visiting a crafted HTML page can execute arbitrary code within the renderer sandbox, with Chromium rating the severity as Critical. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a use-after-free flaw in the ANGLE graphics translation layer. Exploitation requires user interaction with a crafted HTML page and is typically chained with a separate renderer-compromise bug. No public exploit identified at time of analysis, and EPSS is very low (0.03%), though Google rated the underlying issue Critical severity.
Sandbox escape in Google Chrome for Android prior to 148.0.7778.216 allows a remote attacker who lures a user to a crafted HTML page to break out of the renderer sandbox by exploiting a use-after-free condition in the WebGL component. Chromium rates the issue Critical and CVSS scores it 9.6 due to the scope change from compromised renderer to host, though EPSS is only 0.03% (10th percentile) and no public exploit identified at time of analysis.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows remote attackers to potentially break out of the renderer sandbox via an out-of-bounds read in the WebGL component when a victim visits a crafted HTML page. Chromium rates the underlying issue as Critical severity, and while no public exploit is identified at time of analysis (EPSS 0.03%), the combination of scope-change (S:C) and full CIA impact makes this a high-priority browser patch for Android fleets.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to exploit a use-after-free condition in the Dawn WebGPU implementation through a crafted HTML page, leading to potential escape from the browser's renderer sandbox. The flaw carries a CVSS 9.6 with scope change reflecting cross-boundary impact, and while no public exploit identified at time of analysis, Google's own classification of the underlying Chromium severity as Critical signals significant risk to end users. EPSS is currently low (0.03%, 11th percentile), suggesting no widespread exploitation has been observed yet despite the severity.
Remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by serving a crafted HTML page that triggers a use-after-free condition in the Network component. Google rates the underlying Chromium issue as Critical severity, and no public exploit identified at time of analysis, though the bug class and reachable attack surface make it a high-priority browser patch.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows remote attackers to corrupt GPU process memory via a crafted HTML page, breaking out of the renderer sandbox boundary. Chromium rates this Critical severity with a CVSS of 9.6 due to scope change, though EPSS remains low at 0.03% and no public exploit identified at time of analysis.
Authentication bypass in SpSoft AppLock 7.9.40 for Android allows a local attacker with physical device access to circumvent fingerprint or PIN protection and access locked applications such as Chrome. The flaw stems from the app's reliance on a custom UI overlay rather than enforcing authentication at a deeper system level - cascading interface navigation triggered via advertisement or browser intents exposes routes that allow the attacker to exit the lock screen without re-authenticating. No public exploitation (CISA KEV) has been confirmed, but a researcher-published proof-of-concept exists on GitHub, and EPSS is low at 0.04% (11th percentile), consistent with the physical-access requirement limiting opportunistic exploitation.
SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config permission inject arbitrary SQL through the custom-report column-config endpoint, which concatenates user-supplied 'sql', 'from', and 'where' fields directly into a query executed via Doctrine's fetchAssociative(). Because the controller returns raw database error messages in its JSON response, attackers can perform error-based extraction (e.g. EXTRACTVALUE) to read credentials and arbitrary tables, and can bypass the keyword denylist using inline /**/ comments to reach UPDATE/INSERT/DELETE - compromising confidentiality and integrity. Publicly available exploit code exists (a full PoC is published in the GitHub advisory); no CISA KEV listing or EPSS score is present in the provided data.