CVE-2026-10935 · Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a craf

01 · The Real Story

This is a burglar getting into the lobby, not the vault

CVE-2026-10935 is a V8 memory-safety bug in Chrome fixed in the Chrome 149 train, affecting versions prior to 149.0.7827.53 on Linux and 149.0.7827.53/.54 on Windows and Mac. The user-supplied title describes it as a type confusion leading to arbitrary code execution inside the Chrome sandbox via a crafted page, but Google's June 2, 2026 stable release notes label CVE-2026-10935 as "Inappropriate implementation in V8". Either way, the practical impact is renderer-process code execution after a user hits attacker-controlled web content.

Google's HIGH 8.8 baseline is technically defensible for a no-auth network-reachable browser memory corruption, but it overstates enterprise urgency when you audit the real path. The decisive friction is that this bug stops at sandboxed browser code execution and still needs user navigation to hostile content; without active exploitation, a public PoC, or a paired sandbox escape, this is not in the same patch queue as edge-device pre-auth RCE or KEV-listed browser zero-days.

"Real bug, real reach, but this is still a post-click renderer bug, not a one-shot enterprise-owning event."

02 · The Attack Path

4 steps from start to impact.

STEP 01

Deliver the lure page

The attacker uses a phishing link, malvertising redirect, or compromised site as the delivery tool to get a target into a hostile HTML/JavaScript page. This is ordinary browser traffic over HTTPS, so there is no unusual network protocol to key on.

Conditions required:

Victim is running a vulnerable Chrome build before 149.0.7827.53
Victim must open or be redirected to attacker-controlled web content
JavaScript must be allowed to run

Where this breaks in practice:

Requires user interaction (UI:R) or a successful redirect chain
Enterprise URL filtering, Safe Browsing, secure email gateways, and user training kill a lot of these paths before exploit code runs
This is client-side reachability, not direct server-side exposure

Detection/coverage: Email security, web proxies, Safe Browsing, and DNS filtering have meaningful coverage on the delivery step; vuln scanners usually only flag version exposure, not exploit delivery.

STEP 02

Trigger the V8 bug

Inside the malicious page, the exploit primitive abuses the V8 flaw to produce memory corruption and gain code execution in the renderer process. For a real operator, that means exploit reliability work across target builds, feature flags, and platform differences.

Conditions required:

A working exploit must exist for the target platform/build
Target's browser state must match exploit assumptions closely enough to be reliable

Where this breaks in practice:

No public PoC was found during this review
Browser memory-corruption exploits are brittle across minor builds and OS combinations
Modern exploit mitigations in Chromium raise the cost from bug to weaponization

Detection/coverage: Version scanners can identify vulnerable builds; direct exploit detection is weak unless you have browser telemetry, crash spikes, or EDR catching child-process abuse.

STEP 03

Land inside the sandbox

Successful exploitation yields code execution inside Chrome's sandboxed renderer, not native unrestricted OS execution. The attacker can still do damage in browser context, but the blast radius is materially smaller than a full workstation compromise.

Conditions required:

Exploit must succeed in the renderer
Chrome sandbox must not be separately escaped

Where this breaks in practice:

The sandbox is the main downward pressure on severity
Stepping from renderer code to host compromise normally requires a second bug or credential/session abuse path
Many security products will catch obvious post-exploitation behaviors after renderer compromise

Detection/coverage: EDR can sometimes catch anomalous Chrome child processes, token theft attempts, or unusual browser memory crashes; vulnerability management tools cannot prove sandbox escape because that's not what this CVE is.

STEP 04

Chain or monetize browser access

To turn this into major enterprise impact, the operator needs a follow-on toolchain: sandbox escape, browser data theft, session hijacking, or credential theft against in-browser workflows. That is where this single-CVE story either becomes a serious intrusion or fizzles out.

Conditions required:

Attacker has useful browser-resident targets or a second-stage exploit
Target is logged into valuable applications or holds accessible secrets

Where this breaks in practice:

No evidence in the reviewed sources that CVE-2026-10935 is being used in the wild
No KEV listing
No public chaining guidance or published exploit repo found during this review

Detection/coverage: Identity telemetry, EDR, CASB, and unusual session reuse are better detectors here than network scanners.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No public exploitation evidence found in the reviewed sources, and not in CISA KEV as of 2026-06-05.
Proof-of-concept availability	No public PoC repo or write-up found during this review. That does not mean none exists privately; it means there is no clear public weaponization signal yet.
EPSS	`0.00081` from the user-provided intel, which is very low and directionally consistent with a non-KEV, non-publicly-weaponized browser bug.
KEV status	No. Not listed in the CISA Known Exploited Vulnerabilities Catalog.
CVSS vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` = remote, no auth, but user interaction required and impact still described for a sandboxed context.
Affected versions	Chrome builds before `149.0.7827.53`; Google's release notes show `149.0.7827.53` for Linux and `149.0.7827.53/.54` for Windows/Mac in the stable rollout.
Fixed versions	`149.0.7827.53` on Linux, `149.0.7827.53/.54` on Windows/Mac; Android stable moved to `149.0.7827.59` and states it contains the same desktop security fixes.
Scanning / exposure data	Traditional internet exposure counts from Shodan/Censys/FOFA are not very meaningful here because this is a client-side browser flaw, not an edge service you can enumerate from the internet.
Disclosure date	2026-06-04 from the user-provided intel; Google's stable release carrying the fix published on 2026-06-02.
Researcher / reporter	Google's stable release notes credit `CVE-2026-10935` as reported by Google on 2026-04-12.
Metadata consistency check	There is a description mismatch: your intel says Type Confusion in V8, while Google's public stable notes list `CVE-2026-10935` as Inappropriate implementation in V8. That lowers confidence in the exact bug class, but not in the patch/version guidance.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to MEDIUM (6.4/10)

The single biggest reason this lands at MEDIUM is that the public impact story stops at renderer code execution inside the Chrome sandbox. Wide deployment matters, but without active exploitation, a public exploit, or a companion sandbox escape, this is a client-side post-click bug with meaningful real-world friction, not an emergency fleet-wide fire drill.

HIGH Affected-version and fixed-version mapping

MEDIUM Exploitability reassessment

LOW Exact bug-class labeling due to public metadata mismatch

Why this verdict

Downgrade for sandbox confinement: successful code execution is described inside the Chrome sandbox, which sharply reduces immediate host-compromise blast radius versus a full browser-to-OS chain.
Downgrade for attacker path friction: this requires user interaction with malicious content, so it is not directly reachable like an edge service or pre-auth server bug.
Downgrade for missing threat signals: no KEV listing, no public PoC found, and the provided EPSS is very low (0.00081).
Partial upward pressure for ubiquity: Chrome is everywhere in enterprise, so even a sandboxed renderer bug can matter at scale if it later gets chained.
Hold above LOW because of bug class: V8 memory-corruption issues are historically valuable to serious operators, and browser attack surface remains high-value even when a single CVE is not enough on its own.

Why not higher?

There is no verified in-the-wild exploitation signal here, no KEV listing, and no public exploit artifact found during review. More importantly, the described impact is sandboxed renderer execution, which means an attacker still needs additional steps to turn this into a workstation compromise or broad enterprise incident.

Why not lower?

This is still a remotely delivered browser memory-safety flaw in a massively deployed application with no authentication requirement. If your environment has unmanaged browsers, delayed auto-update, or high-risk user populations, the operational exposure is real even without proof of active abuse.

05 · Compensating Control

What to do — in priority order.

Force browser auto-update — Verify Chrome auto-update is enabled and not broken by software distribution controls, then sweep for stragglers. For a MEDIUM verdict there is no mitigation SLA — go straight to the 365-day remediation window, but for browsers you should still collapse drift quickly as routine hygiene.
Harden web delivery controls — Keep Safe Browsing, secure DNS, URL filtering, and attachment/link detonation enabled to cut off the delivery step before exploit code runs. This is the best compensating layer while remediation rolls through the fleet, and for MEDIUM severity it should be maintained as standard control coverage rather than rushed under a mitigation SLA.
Prioritize high-risk user rings — Put admins, finance, execs, developers, and threat-facing roles into the fastest browser-update ring because they are more likely to encounter targeted lures. Even without a mitigation SLA, those users should not sit in long-tail update backlog.
Watch for browser-to-child-process anomalies — Tune EDR detections for chrome spawning unusual children, command shells, script hosts, or LOLBins. This does not prevent the renderer exploit, but it does help catch the moment an attacker tries to convert browser foothold into something useful.

What doesn't work

Perimeter firewall blocking does not solve this; the exploit rides normal outbound HTTPS to user-browsed content.
Version-only vulnerability scanning does not tell you whether exploitation occurred; it only tells you exposure.
MFA does not mitigate the bug itself; it may reduce some downstream account abuse, but it does nothing to stop renderer compromise.

06 · Verification

Crowdsourced verification payload.

Run this on the target endpoint or through your software inventory agent. Invoke it with python3 check_chrome_cve_2026_10935.py or point it at a specific binary with python3 check_chrome_cve_2026_10935.py --path "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"; standard user rights are usually enough, though some Windows inventory paths may be easier with local read access.

noisgate-verify.py

PYTHONREAD-ONLYSAFE

#!/usr/bin/env python3
# check_chrome_cve_2026_10935.py
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN

import argparse
import os
import platform
import re
import shutil
import subprocess
import sys
from pathlib import Path

THRESHOLD = (149, 0, 7827, 53)

COMMON_PATHS = {
    "Windows": [
        r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",
    ],
    "Darwin": [
        "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
        str(Path.home() / "Applications/Google Chrome.app/Contents/MacOS/Google Chrome"),
    ],
    "Linux": [
        "/usr/bin/google-chrome",
        "/usr/bin/google-chrome-stable",
        "/opt/google/chrome/chrome",
        "/snap/bin/chromium",
    ],
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def get_version_from_binary(binary):
    try:
        out = subprocess.check_output([binary, "--version"], stderr=subprocess.STDOUT, text=True, timeout=10)
        return parse_version(out), out.strip()
    except Exception:
        return None, ""


def discover_candidates(explicit_path=None):
    candidates = []
    if explicit_path:
        candidates.append(explicit_path)

    system = platform.system()
    for p in COMMON_PATHS.get(system, []):
        candidates.append(p)

    for name in ["google-chrome", "google-chrome-stable", "chrome", "chromium", "chromium-browser"]:
        found = shutil.which(name)
        if found:
            candidates.append(found)

    seen = set()
    unique = []
    for c in candidates:
        if c and c not in seen:
            seen.add(c)
            unique.append(c)
    return unique


def main():
    parser = argparse.ArgumentParser(description="Check Chrome exposure for CVE-2026-10935")
    parser.add_argument("--path", help="Optional explicit path to Chrome binary")
    args = parser.parse_args()

    candidates = discover_candidates(args.path)
    results = []

    for candidate in candidates:
        if os.path.exists(candidate):
            ver, raw = get_version_from_binary(candidate)
            if ver:
                results.append((candidate, ver, raw))

    if not results:
        print("UNKNOWN - Google Chrome binary not found or version unreadable")
        sys.exit(2)

    # Pick highest version found on host.
    results.sort(key=lambda x: x[1], reverse=True)
    path, version, raw = results[0]

    if version < THRESHOLD:
        print(f"VULNERABLE - {raw} at {path} is below 149.0.7827.53")
        sys.exit(1)
    else:
        print(f"PATCHED - {raw} at {path} is at or above 149.0.7827.53")
        sys.exit(0)


if __name__ == "__main__":
    main()

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning, treat this as browser hygiene with urgency, not incident-response triage: verify Chrome auto-update health, inventory endpoints still below 149.0.7827.53, and clean up the slow rings first. Because the reassessed severity is MEDIUM, there is noisgate mitigation SLA: no mitigation SLA — go straight to the 365-day remediation window; use 2027-06-04 as your outer noisgate remediation SLA date, but in practice you should finish Chrome stragglers far sooner because browsers should not live in annual patch debt.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.