CVE-2026-9975: Chrome ANGLE Sandbox Escape – Out-of-Bounds Memory Vulnerability
A memory safety vulnerability in Google Chrome's ANGLE graphics library allows an attacker who has already compromised the browser's renderer process to break out of Chrome's sandbox and gain full system access. The flaw involves reading and writing memory beyond intended boundaries, creating a bridge from the restricted renderer environment to the host operating system. This requires the attacker to first successfully compromise the renderer (through a separate browser exploit or vulnerability) and then craft a malicious HTML page to trigger the escape.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.3 HIGH · CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-125, CWE-787
- Affected products
- 4 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-9975 is a high-severity out-of-bounds read/write vulnerability in ANGLE, Google's graphics abstraction layer used by Chromium-based browsers. The vulnerability, categorized under CWE-125 (Out-of-bounds Read) and CWE-787 (Out-of-bounds Write), enables a renderer-process-compromised attacker to achieve sandbox escape. The renderer process in Chrome operates in a sandboxed environment with restricted system access; successful exploitation of this memory corruption flaw permits privilege escalation and unrestricted access to system resources. The vulnerability affects Chrome versions prior to 148.0.7778.216 and requires user interaction (crafted HTML page rendering) but not explicit user permission bypass.
Business impact
Successful exploitation represents a complete security boundary collapse for affected users. An attacker who gains renderer-process access can, through this vulnerability, achieve unrestricted code execution at the system level—effectively neutralizing Chrome's sandbox defense. This amplifies the impact of any initial renderer compromise (such as a drive-by download or watering-hole attack) from process-limited damage to full system compromise, including credential theft, data exfiltration, malware installation, and lateral movement. Organizations with high-value users (developers, financial services, government) face elevated risk if attackers actively chain renderer exploits with this escape.
Affected systems
Google Chrome versions before 148.0.7778.216 on Windows, macOS, and Linux systems are vulnerable. The vulnerability affects the ANGLE library, which is integral to Chrome's hardware-accelerated graphics rendering on all supported platforms. While ANGLE is also used in other Chromium-based browsers (Edge, Opera, etc.), the primary guidance references Chrome; other Chromium derivatives should verify their version status against Chrome release notes to determine exposure.
Exploitability
Exploitation requires two preconditions: first, the attacker must already have compromised the renderer process (via a separate vulnerability or attack), and second, the user must view a crafted HTML page. The CVSS vector indicates high attack complexity (AC:H), reflecting the need for renderer compromise as a prerequisite and the requirement for specific conditions to trigger the out-of-bounds access. The vulnerability is not trivially exploitable from an unauthenticated network position; it is a post-compromise sandbox-escape technique. It is not currently tracked in CISA's Known Exploited Vulnerabilities catalog, though this does not preclude active exploitation in targeted campaigns.
Remediation
Update Google Chrome to version 148.0.7778.216 or later immediately. Chrome will automatically download the update; users should restart the browser to apply it. Administrators should enforce Chrome auto-update policies and consider restricting renderer process permissions at the OS level (using AppArmor, SELinux, or Windows security policies) as a defense-in-depth measure. Additionally, organizations should audit for and remediate any initial renderer-process vulnerabilities in their environment, as this escape is only dangerous if renderer compromise has already occurred.
Patch guidance
Google released the fix in Chrome version 148.0.7778.216 on 2026-05-28. Verify the installed version via chrome://version or the Settings > About Chrome menu; Chrome will automatically check for and install updates. Administrators managing Chrome deployments should push this version via enterprise update channels (Google Admin Console, Group Policy, or mobile device management). Test patches in a non-production environment first to confirm compatibility with line-of-business web applications and extensions, though this is a security-critical update warranting rapid deployment.
Detection guidance
Monitor Chrome version compliance across your environment using endpoint management or browser telemetry tools to identify systems still running versions prior to 148.0.7778.216. Watch for suspicious sandbox-escape indicators: unexpected system-level process spawning from chrome.exe/chromium, unusual file system or registry modifications originating from the Chrome process, or crash reports citing ANGLE library functions. Correlate with renderer crash logs or exploit activity in web traffic logs. Behavioral detection of post-renderer-compromise activity (e.g., credential enumeration, lateral movement from a Chrome process) may flag exploitation attempts. Consider enabling Chrome's crash reporting to centralize detection signals.
Why prioritize this
This vulnerability merits immediate patching despite not being in the KEV catalog. The combination of high CVSS score (8.3), sandbox-escape capability (elevating impact), and applicability across all major operating systems creates substantial organizational risk. While it requires renderer compromise as a prerequisite, the ease with which renderer vulnerabilities are discovered and exploited makes this an attractive chaining target for sophisticated attackers. Organizations with users accessing untrusted or adversary-controlled web content should deprioritize zero-day browser bugs even more aggressively.
Risk score, explained
The CVSS 3.1 score of 8.3 (HIGH) reflects high impact (confidentiality, integrity, and availability all rated HIGH) but high attack complexity (AC:H) due to the renderer-compromise prerequisite. The vulnerability does not require authentication (PR:N) but does require user interaction (UI:R) to view the crafted page. The scope is changed (S:C), indicating the impact extends beyond the vulnerable component (the sandbox) to the broader system. The score appropriately penalizes the conditional nature (renderer must already be compromised) while recognizing that, given that condition, complete system compromise is likely.
Frequently asked questions
Can this vulnerability be exploited in a fully-patched Chrome environment with no prior compromise?
No. The vulnerability requires the renderer process to already be compromised by a separate attack (e.g., a browser bug, malicious script, or social engineering). It is a second-stage exploit for sandbox escape, not a standalone entry point. Organizations should therefore also track and patch browser rendering-engine vulnerabilities to prevent the initial compromise.
Does this affect Chromium-based browsers like Edge or Opera?
This vulnerability is reported against Google Chrome specifically. However, Edge, Opera, Brave, and other Chromium derivatives may ship the same vulnerable ANGLE code. Check the vendor advisory or update status for these browsers independently; assuming they've incorporated the patch would be imprudent. Verify version parity with Chrome release notes.
Is this vulnerability being exploited in the wild?
It is not currently listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date. However, the absence of a KEV listing does not guarantee no active exploitation; targeted campaigns may exploit it quietly, and threat actors may develop proof-of-concepts after the patch becomes widely available. Maintain vigilance for related campaign telemetry.
What is ANGLE, and why does it matter?
ANGLE (Almost Native Graphics Layer Engine) is a graphics abstraction library that translates OpenGL and WebGL calls to DirectX or Metal, enabling hardware-accelerated rendering in Chrome across Windows, macOS, and Linux. A memory corruption bug in ANGLE affects all graphics operations, potentially affecting many websites and web applications. The library's low-level privileged access makes sandbox-escape vulnerabilities particularly dangerous.
This analysis is based on publicly available vulnerability data as of the modification date (2026-06-17) and does not constitute a guarantee of completeness or real-time accuracy. Patch version numbers and vendor advisories should be independently verified against official sources before deployment. Organizations should conduct their own risk assessment and compatibility testing prior to applying patches. This explainer does not provide exploit code or weaponization guidance and is intended for defensive security purposes only. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10941HIGHSkia Out-of-Bounds Memory Vulnerability in Chrome – Urgent Patch Required
- CVE-2026-9910HIGHChrome ANGLE Out-of-Bounds Memory Access – Exploit & Patch Guide
- CVE-2026-10883HIGHType Confusion in Chrome ANGLE Graphics Library
- CVE-2026-10889HIGHCritical ANGLE Sandbox Escape in Google Chrome – Patch to 149.0.7827.53
- CVE-2026-10897HIGHCritical Chrome GPU Sandbox Escape Vulnerability
- CVE-2026-10907HIGHChrome ANGLE Out-of-Bounds Write – Remote Code Execution Risk
- CVE-2026-10927HIGHChrome Sandbox Escape via Dawn Out-of-Bounds Read
- CVE-2026-11015HIGHCritical Chrome WebGPU Out-of-Bounds Read Vulnerability