CVE-2026-7354
Out-of-Bounds Read/Write in Chrome ANGLE Enables Sandbox Escape
Publication date: 2026-04-28
Last updated on: 2026-04-30
Assigner: Chrome
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| google | chrome | up to 147.0.7727.138 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How can this vulnerability impact me?
The vulnerability can allow a remote attacker to escape the sandbox environment of Google Chrome, which is designed to isolate web content and limit its access to the system. This could lead to unauthorized access to system resources, potentially compromising the security and privacy of the affected system.
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read and write issue in the ANGLE component of Google Chrome versions prior to 147.0.7727.138. It allows a remote attacker to potentially escape the browser's sandbox by using a specially crafted HTML page.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Google Chrome to version 147.0.7727.138 or later, as the issue is fixed in these versions.