HIGH 8.3

CVE-2026-9925: Chrome ANGLE Use-After-Free Sandbox Escape (CVSS 8.3)

A use-after-free flaw in ANGLE (the graphics abstraction layer used by Google Chrome) can allow an attacker to escape the browser sandbox if they first compromise the renderer process. The attacker would craft a malicious HTML page to trigger memory corruption that leads to code execution outside the sandbox boundary. This requires two conditions: initial renderer compromise and user interaction with the hostile page.

Source data · NVD / CISA · public domain

CVSS
3.1 · 8.3 HIGH · CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Weaknesses (CWE)
CWE-416
Affected products
4 configuration(s)
Published / Modified
2026-05-28 / 2026-06-17

NVD description (verbatim)

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-9925 is a use-after-free vulnerability (CWE-416) in ANGLE within Google Chrome versions prior to 148.0.7778.216. The flaw exists in memory management where a freed object is accessed after deallocation, causing undefined behavior in the graphics rendering pipeline. An attacker with an already-compromised renderer process can craft HTML triggering this condition to achieve arbitrary code execution in the browser process context, bypassing the multi-process sandbox that normally isolates renderers from the host system. The CVSS 3.1 score of 8.3 reflects the high impact (confidentiality, integrity, availability all affected) combined with the prerequisite of renderer compromise and user interaction.

Business impact

Organizations relying on Chrome as a primary browser face potential endpoint compromise if users are socially engineered to visit attacker-controlled sites following a separate renderer exploit. A successful sandbox escape converts a renderer-level compromise into a full browser-process compromise, potentially allowing access to stored credentials, cookies, and cached data. In environments where Chrome runs with elevated privileges or where the browser is an attack vector for lateral movement, this escalates risk significantly. However, the two-stage attack requirement (initial renderer exploit plus sandbox escape) makes this a secondary risk vector rather than an entry point.

Affected systems

Google Chrome prior to version 148.0.7778.216 is affected across all supported platforms: Windows, macOS, and Linux distributions. The vulnerability is specific to the Chromium rendering engine; other Chromium-based browsers (Edge, Brave, Opera) using vulnerable ANGLE versions may also be affected but are not explicitly listed in the CVE. Organizations should verify whether their deployed Chromium variants have backported or applied the fix independently.

Exploitability

Practical exploitation requires two prerequisites: first, a separate vulnerability or social engineering to compromise the Chrome renderer process, and second, user interaction (typically page visit) with attacker-supplied HTML. This two-stage requirement significantly reduces real-world exploitability compared to a direct unauthenticated remote code execution. No public exploit code or in-the-wild attacks have been confirmed (KEV status is not listed). The attack is reliable once renderer compromise is achieved, making it valuable to sophisticated threat actors pursuing multi-stage campaigns but not an immediate mass-exploitation risk.

Remediation

Update Google Chrome to version 148.0.7778.216 or later immediately. The fix addresses the underlying use-after-free in ANGLE's memory management. Users on managed endpoints should deploy this update via standard patch management channels; Chrome's auto-update mechanism typically deploys patches within days of release. Verify patch deployment through Chrome's about:version page or MDM telemetry. No workarounds short of disabling JavaScript rendering are viable.

Patch guidance

Upgrade to Chrome 148.0.7778.216 or any subsequent stable release. On Windows, macOS, and Linux, initiate update via Chrome Menu > Help > About Google Chrome, which triggers automated patching if available. Enterprise administrators should push updates via group policy (Windows), MDM profiles (macOS), or package management (Linux). Verify the patched version is deployed before deprioritizing. If auto-update is disabled in your environment, manual deployment is required. Consult the Chromium release notes (chromium.googlesource.com) to confirm the patch is included in each release channel.

Detection guidance

Endpoint Detection and Response (EDR) systems should monitor for anomalous ANGLE process behavior: unexpected syscalls from the Chrome GPU or renderer process, heap corruption indicators, or cross-process memory access patterns. Log Chrome crash dumps for post-incident analysis. Network detection is minimal since exploitation occurs locally after page rendering. Focus on identifying compromised renderers via malware telemetry or supply-chain analysis rather than detecting the sandbox escape itself. Confirm browser versions via asset inventory to identify vulnerable instances prior to patching.

Why prioritize this

This is a high-priority update but not an emergency requiring emergency change windows. The CVSS 8.3 score and sandbox-escape capability warrant deployment within 2–3 weeks. The two-stage attack requirement and lack of KEV listing mean it is less urgent than direct RCE vulnerabilities. Prioritize based on: (1) whether your users are targeted by sophisticated threat actors (APT risk), (2) the prevalence of prior-stage renderer exploits in your threat model, and (3) whether Chrome runs in high-trust contexts (admin accounts, sensitive systems).

Risk score, explained

The CVSS 3.1 score of 8.3 (HIGH) reflects: (1) high impact across confidentiality, integrity, and availability (all C, I, A ratings), (2) network-adjacent attack vector (user must visit a page), (3) high attack complexity (requires prior renderer compromise), and (4) user interaction required. The score appropriately penalizes the dual prerequisites while acknowledging the severity of a sandbox escape. In your environment, adjust risk perception downward if renderer exploits are not a realistic threat vector, but maintain HIGH status due to the potential for multi-stage campaigns.

Frequently asked questions

Do I need to worry about this if I use a Chromium-based browser like Edge or Brave instead of Chrome?

Potentially yes, but only if that browser uses a vulnerable version of ANGLE. Microsoft Edge auto-updates independently and typically patches within days of Chromium fixes. Check your browser's about page for version and cross-reference with the vendor's security advisory. Brave and other derivatives may lag behind Chromium's patch cycle by weeks or months.

What is ANGLE and why does a graphics library have such a critical vulnerability?

ANGLE (Almost Native Graphics Layer Engine) is Chrome's translation layer that converts WebGL and OpenGL calls into Direct3D (Windows) or Metal (macOS) commands. It is a complex, low-level system component; use-after-free flaws in memory-intensive graphics code can lead to powerful exploits because they grant direct access to rendering pipelines and system resources.

Does this vulnerability allow an attacker to compromise my computer directly from the internet?

No. An attacker cannot exploit this vulnerability remotely without first compromising your browser's renderer process through a separate exploit. This is a sandbox-escape vulnerability, not an entry point. It is part of a multi-stage attack chain, not a standalone threat.

Is there any public exploit code available for this vulnerability?

No active public exploit code or in-the-wild campaigns have been disclosed. The vulnerability is not yet on the KEV (Known Exploited Vulnerabilities) catalog, suggesting it is not actively weaponized. Patch proactively rather than reactively waiting for exploit availability.

This analysis is based on publicly disclosed CVE information as of the modification date (2026-06-17). Patch versions, affected product lists, and CVSS scores are derived from official vendor advisories and the National Vulnerability Database. No exploit code or weaponized proof-of-concept steps are provided. Organizations should verify patch applicability within their specific environment and validate patch deployment before marking vulnerability as resolved. This document does not constitute professional security advice; consult your security team or vendor advisories for environment-specific guidance. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).