CVE-2026-10999 · Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer proc

01 · The Real Story

This is not a front door break-in, it is a weak interior wall attackers can use only after they are already inside the house

CVE-2026-10999 affects Google Chrome on Windows before 149.0.7827.53. The user-supplied title calls it an *integer overflow in ANGLE*, but Google's June 2, 2026 desktop release notes currently describe CVE-2026-10999 as a Medium-severity out-of-bounds memory access in ANGLE, reported on 2026-03-04. Either way, this lives in Chrome's graphics translation layer on Windows, not in a server-facing service, and it only matters on endpoints running vulnerable Chrome builds.

The vendor's MEDIUM 6.5 already looks too generous for enterprise patch triage once you apply real-world friction. The decisive issue is the prerequisite: the attack path assumes a previous renderer compromise or equivalent malicious code execution in the renderer context. In Chrome's own security model, a compromised renderer is already a post-exploitation state, and this bug is at best a follow-on primitive for a larger chain, not an initial foothold.

"This is a chain-only Windows Chrome bug: useful to attackers after renderer compromise, not a Monday fire drill by itself."

02 · The Attack Path

4 steps from start to impact.

STEP 01

Land code execution in the renderer first

An attacker needs a separate stage-1 bug or equivalent browser exploit to get malicious control inside a sandboxed Chrome renderer. Chromium's threat model explicitly treats a compromised renderer as an assumed post-exploitation condition, not as normal pre-auth web reachability. CVE-2026-10999 does not appear to be that initial bug.

Conditions required:

Victim uses vulnerable Chrome on Windows prior to 149.0.7827.53
Attacker can get the victim to load malicious web content
A separate renderer compromise primitive already exists and works

Where this breaks in practice:

This prerequisite is the whole ballgame: no renderer compromise, no path
Modern Chrome exploit chains are expensive and usually burned selectively, not sprayed broadly
Email gateways, browser isolation, EDR, exploit mitigations, and Safe Browsing all pressure stage 1

Detection/coverage: CVE scanners will find vulnerable Chrome versions, but they cannot validate whether a usable stage-1 exploit chain exists in your environment.

STEP 02

Drive ANGLE through crafted graphics operations

With renderer control, the attacker can issue hostile graphics calls through ANGLE using WebGL or related rendering paths to try to trigger the memory-safety flaw. Because ANGLE translates graphics calls for Windows backends, this bug sits in a narrow, platform-specific path rather than a universally reachable network surface.

Conditions required:

ANGLE code path is reachable on the target Windows host
The target GPU/driver/runtime combination behaves in a way the exploit expects
Chrome's GPU/renderer architecture stays in the vulnerable path

Where this breaks in practice:

Windows-only scope cuts population immediately
Graphics bugs are often hardware-, driver-, and timing-sensitive
Enterprise fleet diversity makes reliable exploitation harder than a clean parser bug

Detection/coverage: Version-based detection is strong; exploit-attempt visibility is weak unless you have browser crash telemetry, GPU process crash correlation, or advanced EDR memory telemetry.

STEP 03

Turn memory corruption into a useful primitive

An integer overflow or out-of-bounds memory bug is only valuable if the attacker can convert it into controlled read/write, info leak, or process compromise. The publicly visible Google advisory does not claim active exploitation, sandbox escape, or reliable RCE from this CVE alone.

Conditions required:

The memory corruption is exploitable and not just a crash
The attacker can stabilize the primitive across the target environment

Where this breaks in practice:

No public evidence of in-the-wild weaponization
No public PoC located during review
Browser exploit mitigations raise the cost of turning a bug into a dependable chain

Detection/coverage: Expect mostly indirect signals: browser/GPU crashes, unusual renderer instability, or exploit-protection hits rather than a clean network IOC.

STEP 04

Use it as a chain component, not a standalone incident driver

If exploitation succeeds, the practical value is as a post-renderer chain component that may help expand impact beyond the initial sandboxed context. That makes it relevant to mature adversaries building multi-bug browser chains, but much less relevant as a standalone enterprise emergency.

Conditions required:

Attacker already has a working multi-stage browser exploit chain
The endpoint is both vulnerable and selected for targeting

Where this breaks in practice:

Requires compounding prerequisites rather than one-click direct compromise
Blast radius is endpoint-local, not internet-scale service compromise

Detection/coverage: Threat hunting should focus on exploit-chain behavior, not this CVE in isolation.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No public evidence located that CVE-2026-10999 is being exploited in the wild as of 2026-06-06; CISA KEV does not list it. Source: CISA KEV catalog
Proof-of-concept availability	No public PoC or exploit repo for `CVE-2026-10999` was found during this review. That does not mean exploit development is impossible; it means defenders should not treat this as a commoditized bug yet.
EPSS	User-supplied EPSS is 0.00035 (~0.035%), which is extremely low and consistent with a niche, chain-dependent browser issue. EPSS background: FIRST EPSS
KEV status	Not KEV-listed as of 2026-06-06. No known CISA due date applies. Source: CISA KEV catalog
CVSS vector reality check	User-supplied vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N` understates a critical prerequisite: prior renderer compromise. In practice this behaves more like a post-initial-access chain primitive than a clean unauthenticated remote disclosure.
Affected versions	Chrome on Windows prior to 149.0.7827.53. Google's desktop stable announcement on 2026-06-02 shipped `149.0.7827.53/54` for Windows/Mac and `149.0.7827.53` for Linux. Source: Chrome Releases
Fixed version	Patch floor is 149.0.7827.53 on Windows according to the user-supplied advisory details; Google's desktop stable note shows Windows/Mac on `149.0.7827.53/54`. Source: Chrome Releases
Disclosure date	Publicly disclosed 2026-06-04 per the user-supplied intel; Google's stable desktop release that contained the fix was posted 2026-06-02.
Reporting researcher	Google's release note attributes the bug to `c6eed09fc8b174b0f3eebedcceb1e792`, reported on 2026-03-04. Source: Chrome Releases search result for CVE-2026-10999
Scanning / exposure data	Internet exposure telemetry from Shodan/Censys/FOFA is not meaningfully applicable here because this is client-side browser code on endpoints, not a listening service. Exposure should be measured from your software inventory, browser management console, or endpoint telemetry instead.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to LOW (3.6/10)

The deciding factor is the attacker position requirement: this bug only becomes relevant after the attacker already controls a Chrome renderer, which is a major downward pressure on real-world severity. There is no KEV listing, no public exploitation signal, and no evidence that CVE-2026-10999 is a reliable standalone path to enterprise compromise.

HIGH Downgrade based on the prior renderer-compromise prerequisite

MEDIUM Exact technical impact, because public advisory text is sparse and the title/description differ across sources

Why this verdict

Major downgrade: requires a compromised renderer first — that implies the attacker is already past the first defensive layer and already executing inside Chrome's sandboxed content process.
Population narrows hard — this is Windows-only Chrome, not a cross-platform internet-facing service, and exploitation likely depends on GPU/driver/path specifics in ANGLE.
No active exploitation signal — not KEV-listed, very low EPSS, and no public PoC found, so there is no evidence of broad operational use right now.

Why not higher?

A higher severity would require either broad pre-auth reachability, active exploitation, or a clear path to meaningful impact from the CVE by itself. We do not have that here. The prerequisite chain is too restrictive: remote content delivery alone is insufficient without first burning a separate renderer exploit.

Why not lower?

This is still a memory-safety flaw in a massively deployed browser component, and browser-chain operators do care about these bugs. If you run large unmanaged Windows fleets or lag Chrome updates, the ubiquity of the target keeps it above pure ignore territory.

05 · Compensating Control

What to do — in priority order.

Force Chrome auto-update compliance — Use enterprise browser management or endpoint tooling to confirm Windows Chrome clients reach 149.0.7827.53 or later. For a LOW verdict there is no SLA for temporary mitigation; treat this as backlog hygiene and drive compliance through the normal remediation window.
Prioritize unmanaged Windows browsers — Focus on developer workstations, kiosk systems, VDI gold images, and exception hosts where Chrome may lag behind central policy. These tend to be the pockets where browser-chain risk survives longest; clear them during the normal LOW remediation cycle.
Watch for browser crash clusters — Correlate EDR, Windows Error Reporting, and browser telemetry for spikes in chrome.exe or GPU-process crashes after web browsing activity. This will not prove exploitation, but it is one of the few practical ways to spot instability in graphics-path bugs before patch coverage is complete.
Harden the first-stage path — Because this CVE is chain-dependent, reduce exposure to stage-1 renderer bugs with Safe Browsing, exploit protection, browser isolation for high-risk users, and rapid browser patching generally. For LOW, fold these checks into existing control maintenance rather than launching a dedicated emergency change.

What doesn't work

Perimeter firewall tuning does not help; this is not a server-side listening service.
MFA does not meaningfully reduce exploitability; the issue is in client-side content processing, not identity abuse.
Network vulnerability scans alone are weak here; they may inventory version, but they do not measure renderer-compromise preconditions or graphics-path reachability.

06 · Verification

Crowdsourced verification payload.

Run this on the target Windows endpoint or through your EDR/remote PowerShell at user or admin level; admin is not required unless your tooling restricts file access. Example: powershell -ExecutionPolicy Bypass -File .\check-chrome-cve-2026-10999.ps1 or remotely through your fleet tool. The script checks common Chrome install paths and reports VULNERABLE, PATCHED, or UNKNOWN based on whether any detected Chrome version is below 149.0.7827.53.

noisgate-verify.ps1

POWERSHELLREAD-ONLYSAFE

# check-chrome-cve-2026-10999.ps1

# Purpose: Detect whether Google Chrome on Windows is vulnerable to CVE-2026-10999

# Logic: Any detected chrome.exe version < 149.0.7827.53 => VULNERABLE

# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN


$ErrorActionPreference = 'SilentlyContinue'

function Get-ChromeCandidates {
    $paths = @(
        "$Env:ProgramFiles\Google\Chrome\Application\chrome.exe",
        "$Env:ProgramFiles(x86)\Google\Chrome\Application\chrome.exe",
        "$Env:LocalAppData\Google\Chrome\Application\chrome.exe"
    )

    $results = @()
    foreach ($p in $paths) {
        if ($p -and (Test-Path $p)) {
            $results += $p
        }
    }

    # Optional registry discovery for nonstandard paths

    $regKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe'
    )

    foreach ($rk in $regKeys) {
        $val = (Get-ItemProperty -Path $rk -Name '(default)').'(default)'
        if ($val -and (Test-Path $val)) {
            $results += $val
        }
    }

    return $results | Sort-Object -Unique
}

function Get-FileVersionString($path) {
    try {
        return (Get-Item $path).VersionInfo.FileVersion
    } catch {
        return $null
    }
}

function Normalize-Version($v) {
    if (-not $v) { return $null }
    $clean = ($v -split '\s+')[0].Trim()
    try {
        return [version]$clean
    } catch {
        return $null
    }
}

$fixedVersion = [version]'149.0.7827.53'
$candidates = Get-ChromeCandidates

if (-not $candidates -or $candidates.Count -eq 0) {
    Write-Output 'UNKNOWN - chrome.exe not found in common paths or registry'
    exit 2
}

$foundAny = $false
$foundVulnerable = $false
$messages = @()

foreach ($exe in $candidates) {
    $rawVersion = Get-FileVersionString $exe
    $ver = Normalize-Version $rawVersion

    if ($ver) {
        $foundAny = $true
        if ($ver -lt $fixedVersion) {
            $foundVulnerable = $true
            $messages += "VULNERABLE - $exe - version $ver is below $fixedVersion"
        } else {
            $messages += "PATCHED - $exe - version $ver meets/exceeds $fixedVersion"
        }
    } else {
        $messages += "UNKNOWN - $exe - could not parse version string '$rawVersion'"
    }
}

$messages | ForEach-Object { Write-Output $_ }

if ($foundVulnerable) {
    Write-Output 'VULNERABLE'
    exit 1
}

if ($foundAny) {
    Write-Output 'PATCHED'
    exit 0
}

Write-Output 'UNKNOWN - no parsable Chrome versions found'
exit 2

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning: do not treat this as an incident-grade browser emergency unless you have separate evidence of a Chrome exploit chain in play. Because the reassessed verdict is LOW, there is no mitigation SLA and noisgate remediation SLA is backlog hygiene; simply make sure Windows Chrome clients roll to 149.0.7827.53+ through normal browser servicing, document the chain-only nature of the bug, and close stragglers in the ordinary patch cycle rather than burning an out-of-band change window.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.