HIGH 8.3

CVE-2026-10925: Skia Out-of-Bounds Write Enables macOS Chrome Sandbox Escape

A memory corruption flaw exists in the Skia graphics library within Google Chrome on macOS. An attacker who has already compromised Chrome's renderer process can exploit this out-of-bounds write to break out of the browser sandbox and gain system-level access. The attack requires user interaction (visiting a malicious webpage) but bypasses Chrome's primary security boundary once the renderer is under attacker control.

Source data · NVD / CISA · public domain

CVSS
3.1 · 8.3 HIGH · CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Weaknesses (CWE)
CWE-787
Affected products
2 configuration(s)
Published / Modified
2026-06-04 / 2026-06-17

NVD description (verbatim)

Out of bounds write in Skia in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-10925 is an out-of-bounds write vulnerability (CWE-787) in Skia, Chrome's 2D graphics rendering engine. The flaw allows a compromised renderer process to write memory beyond intended buffer boundaries. On macOS, this memory corruption can be leveraged to escape the sandbox isolation layer, enabling arbitrary code execution with the privileges of the user running Chrome. The vulnerability requires a multi-stage attack: first compromising the renderer (via a separate vulnerability or attack vector), then exploiting this flaw via crafted HTML to achieve sandbox escape.

Business impact

This vulnerability represents a critical escalation risk for Chrome users on macOS. While the initial renderer compromise requires a separate attack vector, the sandbox escape capability means an attacker can move from browser process compromise to full system compromise. Organizations supporting macOS users face elevated risk of data exfiltration, lateral movement to corporate networks, and malware installation if users visit malicious sites while using vulnerable Chrome versions.

Affected systems

Google Chrome on macOS versions prior to 149.0.7827.53 are affected. The vulnerability is specific to macOS; Chrome on other operating systems has different sandbox architectures and is not impacted by this particular memory corruption. macOS versions are not directly affected—the issue lies in Chrome's Skia library on that platform.

Exploitability

Exploitation requires two conditions: (1) the renderer process must first be compromised through another vulnerability or attack, and (2) the user must then visit a page containing malicious HTML that triggers the out-of-bounds write. The attack chain is not trivial, but once triggered, sandbox escape is reliable. The vulnerability is not currently tracked in CISA's Known Exploited Vulnerabilities catalog, indicating no evidence of active in-the-wild exploitation at publication, though targeted attacks are plausible given the sandbox escape capability.

Remediation

Update Google Chrome on macOS to version 149.0.7827.53 or later. Chrome's auto-update mechanism typically deploys patches within days, but users should verify they are running the patched version via Chrome menu > About Google Chrome. For organizations, consider enforcing Chrome updates via MDM (Mobile Device Management) or equivalent macOS management tools.

Patch guidance

Google Chrome on macOS receives automatic security updates. Users should ensure auto-updates are enabled (default) and allow Chrome to restart when prompted. Verify patched status by opening Chrome, navigating to Help > About Google Chrome, and confirming the version number is 149.0.7827.53 or higher. Organizations managing macOS fleets should verify patch deployment and consider a grace period during which users are prompted to update before enforcement policies take effect. Refer to Google's official Chrome security updates page for vendor-specific guidance.

Detection guidance

Monitor Chrome process behavior for unusual memory access patterns or spawning of unexpected child processes, which may indicate attempted sandbox escape. On macOS, check Chrome's update status via System Preferences > Apps or by reviewing Chrome's Help menu. Log aggregation systems can track Chrome crash reports that may correlate with exploitation attempts. Endpoint Detection and Response (EDR) tools should flag memory corruption exploits targeting Skia libraries. Note that detection of exploitation attempts is difficult until post-compromise investigation; prevention via timely patching remains the primary control.

Why prioritize this

Although the vulnerability requires prior renderer compromise and is not yet known to be exploited in the wild, the sandbox escape capability elevates it to high priority. Attackers who successfully compromise the renderer—via watering-hole attacks, phishing with malicious documents, or supply-chain compromises—can weaponize this flaw to gain full system access. For macOS-heavy environments (design, research, media organizations) and users handling sensitive data, this chain represents a realistic advanced threat scenario.

Risk score, explained

CVE-2026-10925 carries a CVSS 3.1 score of 8.3 (HIGH). This reflects high impact (C:H, I:H, A:H) but moderate attack complexity (AC:H) due to the requirement for prior renderer compromise and user interaction. The complex attack (AV:N, AC:H) prevents a 9.0+ rating, but the sandbox escape and consequent system-level access justify the 8.3 severity. The vulnerability alone does not grant remote code execution; it enables privilege escalation within an already-compromised browser, making it a critical link in a multi-stage attack chain.

Frequently asked questions

Can this vulnerability be exploited without first compromising Chrome's renderer?

No. The out-of-bounds write in Skia requires the attacker to already control code execution within the Chrome renderer process. This flaw enables sandbox escape from that position, but cannot be exploited from a web page alone. An attacker must first chain this with another renderer vulnerability or social engineering attack.

Does this affect Chrome on Windows or Linux?

No, this CVE is specific to macOS. While Skia is used across all Chrome platforms, the sandbox escape path through this particular memory corruption is unique to macOS's sandbox architecture. Windows and Linux Chrome users are not affected by this CVE.

How quickly should we patch Chrome on macOS?

Treat this as a priority patch within 1-2 weeks, particularly if your organization uses macOS and users access potentially untrusted web content or email. The sandbox escape capability makes this higher priority than typical memory bugs. Chrome's auto-update handles this automatically for most users, but enterprise deployments should verify rollout within your MDM policies.

What should we do if we suspect this vulnerability was exploited against one of our users?

Assume full system compromise if renderer compromise is suspected. Isolate the affected macOS device, preserve forensic logs, and assess lateral movement to networked resources. Review browser history, temporary files, and system logs for signs of post-compromise activity. Engage your incident response team or external forensics provider to investigate the full scope of access.

This analysis is provided for informational purposes to assist security professionals in vulnerability assessment and remediation planning. The information reflects the state of the vulnerability as of the publication date and may change as new details emerge. Always verify vendor advisories, patch availability, and your own environment's exposure before taking action. Patch version numbers, CVSS scores, and other technical data are drawn from official vendor sources; where guidance differs from official documentation, defer to the vendor. This analysis does not constitute legal advice or a guarantee of security; your organization remains responsible for its own risk management and compliance obligations. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).