Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.6
CVE-2026-13780: Google Chrome prior to 150.0.7871.47 allows attackers to break out of a security sandbox
CVE-2026-13780
Summary
An attacker who has already taken control of part of Google Chrome's system can potentially break out of a security sandbox and gain more control over the system. This could allow them to do more damage than they otherwise could. To fix this, update Google Chrome to version 150.0.7871.47 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| chrome |
< 150.0.7871.46 cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* |
Original title
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escap...
Original description
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
nvd CVSS3.1
9.6
Vulnerability type
CWE-20
Improper Input Validation
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_... Vendor Advisory
- https://issues.chromium.org/issues/514769383 Permissions Required
Published: 30 Jun 2026 · Updated: 1 Jul 2026 · First seen: 1 Jul 2026