← Back to Feed CACHED · 2026-05-17 09:42:19 · cache_key CVE-2025-29912
CVE-2026-10919 · CWE-416 · Disclosed 2026-06-04

Use after free in ANGLE in Google Chrome prior to 149

ASSESSED — NOISGATE V0.5
Vendor
Reassessed
Verdict:
01 · The Real Story

This is a second lock on the vault door failing after the burglar is already in the lobby

CVE-2026-10919 is a use-after-free in ANGLE, Chrome’s graphics translation layer, affecting Google Chrome versions prior to 149.0.7827.53. The key qualifier is in the vendor wording: the attacker must have already compromised the renderer process and then use a crafted HTML page to try to escape Chrome’s sandbox. In plain English, this is not the phishing-click-to-full-host-compromise bug by itself; it is the second-stage breakout that turns a renderer foothold into something more dangerous.

Google’s HIGH 8.3 label overstates the operational urgency for enterprise patch triage because it scores the technical impact once the bug is reachable, not the real-world friction to reach it. The decisive downgrade is the prerequisite chain: user interaction + a separate renderer compromise + successful exploit reliability inside a modern sandboxed browser. That keeps this important for browser hygiene, but it is not the kind of naked remote edge exploit that should jump ahead of actively exploited internet-facing flaws.

"This is a valuable sandbox-escape stage, not a stand-alone internet-to-host compromise."
02 · The Attack Path

4 steps from start to impact.

STEP 01

Land code execution in the renderer first

The attacker needs a separate renderer compromise before CVE-2026-10919 matters at all. In practice this means a different browser bug, exploit chain, or UXSS-to-code-exec condition delivered via a malicious page; there is no public weaponized tool for this CVE alone. Chromium’s own threat model explicitly treats compromised renderers as realistic, but that does not remove the fact that this CVE is post-compromise within the browser.
Conditions required:
  • Victim browses attacker-controlled content
  • A separate renderer bug or exploit chain succeeds first
  • Attacker gains code execution or equivalent control in the renderer process
Where this breaks in practice:
  • Requires chaining with another bug; CVE-2026-10919 is not initial access
  • Modern browser mitigations, exploit hardening, and renderer isolation reduce chain reliability
  • No public PoC or in-the-wild evidence lowers opportunistic abuse
Detection/coverage: Traditional vuln scanners do not detect this exploit condition directly; detection is mostly indirect through browser version inventory and EDR/browser telemetry for exploit chain behavior.
STEP 02

Trigger the ANGLE UAF from the compromised renderer

Once inside the renderer, the attacker uses a crafted HTML/WebGL path to exercise ANGLE and hit the use-after-free primitive. ANGLE is a high-value target because it brokers graphics operations across native backends, so memory corruption here can become a path toward sandbox escape. No public exploit kit or repo is known for this CVE at disclosure.
Conditions required:
  • Renderer compromise already exists
  • Target build is < 149.0.7827.53
  • The vulnerable ANGLE code path is reachable on the victim platform/configuration
Where this breaks in practice:
  • Exploitability can vary by OS, GPU stack, driver behavior, and backend
  • Memory corruption bugs in browser graphics paths are often fragile across builds
  • ANGLE bug details were still restricted around release, limiting copycat development
Detection/coverage: Version-based scanning can flag likely exposure. Runtime detection depends on crash telemetry, EDR signals, and browser exploit-prevention features rather than signature-based network controls.
STEP 03

Convert memory corruption into a sandbox escape

The attacker must turn the UAF into a reliable sandbox boundary break, not just a renderer crash. That means bypassing Chrome’s process isolation and sandbox restrictions to access more privileged browser or OS resources. This is the step that gives the CVE its importance, but it is also the step where many real exploit attempts die.
Conditions required:
  • Successful memory corruption primitive from ANGLE
  • Exploit stability sufficient to avoid simple crash-only outcomes
  • Sandbox defenses do not neutralize or contain the attempt
Where this breaks in practice:
  • Chrome’s sandbox and Site Isolation are explicitly designed to contain compromised renderers
  • Many attempts degrade to browser crash/DoS instead of controlled escape
  • Cross-version exploit reliability is usually poor without tailored engineering
Detection/coverage: Look for child-process anomalies, browser crash spikes, renderer-to-broker abuse patterns, and EDR detections on suspicious browser process behavior.
STEP 04

Act after escape

If the sandbox escape works, the attacker can move beyond the renderer and attempt local code execution, data access, or follow-on persistence using standard post-exploitation tooling. At that point the bug has enabled host impact, but only after multiple earlier gates succeeded. There is no evidence of public weaponization or KEV status as of 2026-06-04.
Conditions required:
  • Sandbox escape succeeds
  • Post-escape privileges are sufficient for the attacker’s goal
  • Endpoint controls do not block follow-on actions
Where this breaks in practice:
  • EDR should have a chance to catch abnormal browser child-process or LOLBin activity
  • Privilege after escape may still be limited by OS controls and user context
  • Enterprise hardening can contain blast radius to a single endpoint/session
Detection/coverage: EDR is the main control here; browser version scanners help exposure management but do not confirm exploitation.
03 · Intelligence Metadata

The supporting signals.

In-the-wild statusNo public evidence of active exploitation as of 2026-06-04; not observed in the sources reviewed.
KEV statusNot listed in CISA KEV at review time.
Public PoCNo public PoC found. Chrome bug details commonly stay restricted until most users are updated, which slows copycat weaponization.
EPSS0.00068 from the supplied intel block — extremely low predicted exploitation likelihood in the next 30 days.
Vendor severityHIGH 8.3 with vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H from the supplied intel.
What the vector missesThe CVSS framing captures browser-delivered impact, but it does not price in the operational reality that the attacker must already have renderer compromise. That prerequisite is the main reason for the downgrade.
Affected versionsGoogle Chrome < 149.0.7827.53.
Fixed versionUpdate to 149.0.7827.53 or later. Google published 149.0.7827.53/.54 as an early stable desktop update on 2026-05-29.
Exposure / scanning realityThis is a client-side browser flaw, so Shodan/Censys/FOFA are not meaningful exposure measures. Exposure is driven by endpoint browser inventory, unmanaged browsers, and lagging auto-update rings.
Researcher / reportingPublic bug detail appears restricted at disclosure, so a named external reporter was not visible in the reviewed official release material.
04 · The Call

noisgate verdict.

Final Verdict
DOWNGRADED to MEDIUM (6.1/10)

The decisive factor is that exploitation requires prior renderer compromise, which makes this a post-initial-access browser escape stage rather than a stand-alone internet-to-host break. That sharply narrows both the reachable population and the number of attackers who can use it reliably, despite the severe impact if chained successfully.

HIGH Version range and second-stage sandbox-escape prerequisite
MEDIUM No public exploitation / PoC status as of 2026-06-04
MEDIUM Reassessed severity versus vendor CVSS baseline

Why this verdict

  • Downgrade for attacker position: this is not unauthenticated remote code execution by itself; the attacker must first compromise the renderer, which implies an earlier successful exploit stage.
  • Downgrade for exposed population: every Chrome endpoint may carry the vulnerable code, but only the subset facing a working renderer exploit chain is actually reachable for this CVE.
  • Downgrade for defensive friction: modern Chrome sandboxing, Site Isolation, exploit mitigations, and EDR raise the failure rate from ‘memory bug exists’ to ‘reliable host impact achieved’.
  • Hold at MEDIUM, not LOW: Chrome is massively deployed, ANGLE is security-relevant, and a sandbox escape is high-value to advanced exploit chains even when it is not independently reachable.
  • No threat amplifier present: no KEV listing, no known public PoC, and no public in-the-wild evidence were found to justify keeping the vendor’s HIGH operational priority.

Why not higher?

A higher rating would require at least one major amplifier: active exploitation, KEV listing, a public reliable PoC, or direct unauthenticated remote reachability. None are present here. The need for a separate renderer compromise is compounding downward pressure because it assumes the attacker has already cleared the hardest browser exploitation step.

Why not lower?

This is still a sandbox escape in Chrome, not harmless crashware. In environments facing targeted browser exploitation, second-stage escapes are exactly what turns a renderer bug into meaningful host impact, so backlog-only treatment would understate the risk.

05 · Compensating Control

What to do — in priority order.

  1. Enforce browser auto-update — Make sure managed Chrome channels cannot sit below 149.0.7827.53 indefinitely. For a MEDIUM verdict there is no mitigation SLA — go straight to the 365-day remediation window, but browsers should still ride normal rapid-update policy rather than discretionary user timing.
  2. Reduce unmanaged browsing — Push users into enterprise-managed Chrome profiles and remove stale side-installed browser copies where possible. This matters because exposure is inventory-driven; for MEDIUM there is no mitigation SLA — go straight to the 365-day remediation window.
  3. Harden browser exploit surface — Keep Site Isolation, EDR exploit prevention, and OS/browser hardening fully enabled to make renderer-to-sandbox chains less reliable. These are containment controls, not substitutes for patching; for MEDIUM there is no mitigation SLA — go straight to the 365-day remediation window.
  4. Watch for browser-child anomalies — Tune EDR for suspicious browser process trees, crash bursts, and unexpected broker or child-process behavior. This helps catch exploit-chain execution while you work through the normal remediation cycle; for MEDIUM there is no mitigation SLA — go straight to the 365-day remediation window.
What doesn't work
  • A network scanner will not prove safety here, because this is not an internet-facing service flaw; you need endpoint version inventory.
  • User training alone does not solve the core issue; even though a crafted page is involved, the real gate is the exploit chain inside the browser.
  • WAFs or perimeter filtering are weak controls for a client-side browser memory-corruption path and will not reliably stop malicious content delivery.
06 · Verification

Crowdsourced verification payload.

Run this on the target endpoint or through your software inventory tooling. Invoke with python3 check_chrome_cve_2026_10919.py on macOS/Linux or py check_chrome_cve_2026_10919.py on Windows; no admin rights are required as long as the Chrome binary is readable in standard install paths.

noisgate-verify.py
PYTHONREAD-ONLYSAFE
#!/usr/bin/env python3
# check_chrome_cve_2026_10919.py
# Detects whether Google Chrome is vulnerable to CVE-2026-10919 based on version.
# Vulnerable: versions prior to 149.0.7827.53
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN

import os
import platform
import re
import shutil
import subprocess
import sys
from typing import Optional, Tuple

FIXED = (149, 0, 7827, 53)


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    m = re.search(r'(\d+)\.(\d+)\.(\d+)\.(\d+)', text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def run_version(cmd):
    try:
        out = subprocess.check_output(cmd, stderr=subprocess.STDOUT, text=True, timeout=10)
        return parse_version(out)
    except Exception:
        return None


def check_windows() -> Optional[Tuple[int, int, int, int]]:
    paths = [
        os.path.expandvars(r'%ProgramFiles%\Google\Chrome\Application\chrome.exe'),
        os.path.expandvars(r'%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe'),
        os.path.expandvars(r'%LocalAppData%\Google\Chrome\Application\chrome.exe'),
    ]
    for p in paths:
        if p and os.path.exists(p):
            v = run_version([p, '--version'])
            if v:
                return v
    if shutil.which('chrome'):
        return run_version(['chrome', '--version'])
    return None


def check_macos() -> Optional[Tuple[int, int, int, int]]:
    paths = [
        '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
        os.path.expanduser('~/Applications/Google Chrome.app/Contents/MacOS/Google Chrome'),
    ]
    for p in paths:
        if os.path.exists(p):
            v = run_version([p, '--version'])
            if v:
                return v
    return None


def check_linux() -> Optional[Tuple[int, int, int, int]]:
    candidates = [
        'google-chrome',
        'google-chrome-stable',
        '/opt/google/chrome/chrome',
        'chromium',
        'chromium-browser',
    ]
    for c in candidates:
        path = shutil.which(c) if not c.startswith('/') else c
        if path and os.path.exists(path):
            v = run_version([path, '--version'])
            if v:
                return v
    return None


def main():
    system = platform.system().lower()
    if 'windows' in system:
        version = check_windows()
    elif 'darwin' in system:
        version = check_macos()
    else:
        version = check_linux()

    if not version:
        print('UNKNOWN - Google Chrome not found or version unreadable')
        sys.exit(2)

    version_str = '.'.join(str(x) for x in version)
    fixed_str = '.'.join(str(x) for x in FIXED)

    if version < FIXED:
        print(f'VULNERABLE - detected Chrome {version_str}; fixed version is {fixed_str} or later')
        sys.exit(1)
    else:
        print(f'PATCHED - detected Chrome {version_str}; fixed threshold is {fixed_str}')
        sys.exit(0)


if __name__ == '__main__':
    main()
07 · Bottom Line

If you remember one thing.

TL;DR
Monday morning, treat this as important browser hygiene, not emergency outage work: use endpoint inventory to find Chrome builds below 149.0.7827.53, make sure enterprise auto-update is functioning, and fold stragglers into your normal browser update ring. For a MEDIUM verdict there is no noisgate mitigation SLA — go straight to the 365-day remediation window; the noisgate remediation SLA is ≤365 days, but because browsers update cheaply and frequently, most mature teams should clear this well before that outer limit rather than leaving stale versions to age in unmanaged pockets.

Sources

  1. Google Chrome Releases - Early Stable Update for Desktop (149.0.7827.53/.54)
  2. Chromium - Site Isolation overview
  3. Chromium - Site Isolation design document
  4. Chromium source - Sandbox design
  5. ANGLE project README
  6. CISA Known Exploited Vulnerabilities Catalog
  7. Chromium Security - Memory safety
  8. Chromium Security landing page
Peer Review

What defenders are saying.

Submit a review attribution: handle + country only
0 flags selected · stored anonymously
Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.