CVE-2026-14382: Sandbox Escape Vulnerability in ANGLE in Google Chrome Prior to 150.0.7871.46
A sandbox-escape vulnerability allows attackers to break out of the Chrome sandbox via crafted HTML pages and potentially gain higher system privileges.
Comparing 2 July 2026 with the previous day 1 July 2026.
A sandbox-escape vulnerability allows attackers to break out of the Chrome sandbox via crafted HTML pages and potentially gain higher system privileges.
The vulnerability requires an already-compromised renderer process as a prerequisite, making it primarily relevant as a privilege escalation mechanism rather than as a standalone entry point.
The vulnerability allows an attacker to potentially bypass Chrome's sandbox through a crafted HTML page and gain access to system resources.
The vulnerability allows an attacker with access to the renderer process to achieve a sandbox escape, significantly increasing the risk of complete system compromise.
A sandbox-escape vulnerability in Google's ANGLE rendering engine potentially allows remote code execution with elevated privileges via crafted HTML pages, with no documented active exploitation in the wild yet.
The sandbox escape requires prior renderer process compromise but is critical for attackers who already have initial code execution within the browser.
The vulnerability enables sandbox escape following renderer process compromise, representing a local privilege-escalation risk on already-compromised endpoints.
A use-after-free vulnerability in Chrome's Dawn component enables sandbox escape and potential arbitrary code execution with elevated privileges , a critical threat to endpoints, particularly in production environments using Chrome.
A use-after-free in the Skia rendering engine enables sandbox escapes via crafted HTML pages, allowing remote code execution on the host system and representing one of the highest severity levels.
An out-of-bounds vulnerability in Chrome's Dawn graphics engine potentially enables sandbox escape via crafted HTML pages with no confirmed active exploitation in the wild.
A use-after-free vulnerability in the ANGLE graphics library enables potential sandbox escape via crafted HTML pages, with no evidence of active exploitation in the wild.
Successful exploitation requires a pre-compromised renderer process, limiting risk to multi-stage attack scenarios, but the sandbox escape represents a critical privilege-escalation vector.
Sandbox-escape vulnerability in Chrome requires a pre-compromised renderer process, limiting practical exploitation but still warranting timely patching.
This is a standard security patch notification with no evidence of active exploitation or coordinated attack campaigns in the wild.
A critical use-after-free vulnerability in Google's ANGLE rendering engine allows an attacker to bypass Chrome's sandbox and execute arbitrary code with elevated privileges , a direct escalation risk for endpoint infection.
State-sponsored threat actors (APT29/Cloaked Ursa, UNC6692) are actively using compromised Microsoft Teams accounts to impersonate IT support and harvest credentials with documented success against targeted organizations.
A critical remote code execution vulnerability in 7-Zip enables arbitrary code execution by unauthenticated remote attackers , immediate mitigation required.
An authentication vulnerability in Check Point Remote Access VPN and Mobile Access is being actively exploited; attackers can establish VPN sessions without credentials and potentially access internal networks.
Sandbox-escape vulnerability in V8 allows attackers to execute code with elevated privileges via crafted HTML pages, but is documented as a standard patch advisory with no evidence of active exploitation.
An out-of-bounds read vulnerability in Chrome's ANGLE renderer allows extraction of sensitive data from process memory; this is already patched in Chrome version 150.0.7871.46 and later.
The vulnerability allows leaking data across origin boundaries via crafted HTML pages, potentially enabling attackers to access sensitive information from other websites within the same browser.
The vulnerability affects the ANGLE graphics library in Chrome and enables memory read access via crafted HTML pages, potentially exposing sensitive process memory data.
This is a standard advisory on a patched Chromium CVE with no indication of active exploitation or strategic implications for Swiss industry.
This CVE is a standard browser security vulnerability with no geopolitical or supply-chain implications; it requires routine patch management like any other Chrome update.
An integer overflow vulnerability in Google's V8 JavaScript engine enables remote code execution within Chrome's sandbox through crafted HTML pages and requires timely patching.
The vulnerability enables sandbox escape via Type Confusion in V8; this is significant for Chrome users in production environments exposed to advanced web-based exploits.
This is a standard security patch notification for an already-reported Chrome vulnerability with no indication of active exploitation or targeted campaigns.
The BSI warns of multiple undisclosed vulnerabilities in Google Chrome; details are not yet published, complicating timely patch monitoring.
No changes in this category.
No changes in this category.
CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalogue and mandates patching by 4 July 2026 for US federal agencies, signalling active or imminent exploitation.
An unidentified threat actor is actively exploiting CVE-2026-0257 to bypass authentication on PAN-OS GlobalProtect gateways and establish unauthorized VPN connections.
The vulnerability requires prior network authorization and is covered by standard NVD reporting without active exploitation or geopolitical dimension.
Iranian state-affiliated APT Nimbus Manticore demonstrates newly adopted techniques including SEO poisoning and enhanced capabilities during active geopolitical conflict, targeting European entities.
Check Point documents a 124% surge in hacktivism and ransomware across Germany, Austria, and Switzerland in 2025,a strategically significant shift in the DACH threat landscape for manufacturing organizations.
A use-after-free vulnerability in Google's Views component enables heap corruption via crafted HTML pages when users perform specific UI gestures; critical CVSS score requires immediate update to version 150.0.7871.47 or later.
Critical heap-corruption vulnerability in Chrome requires user interaction (specific UI gestures) for exploitation and is therefore not remotely exploitable without user engagement.
This is the RAR5 sibling of CVE-2023-40477 (fixed only in the RAR3 path through version 6.23); the new vulnerability affects recovery files and requires only that the user perform a test/repair operation on the crafted .rev files.
Local privilege escalation in Windows Secure Kernel requires already-elevated code execution rights; relevant for systems with compromised privileged user or process accounts.
The vulnerability enables arbitrary code execution through malicious Chrome extensions and requires user interaction to install the malicious extension.
A use-after-free vulnerability in GPU processing allows an attacker with renderer access to achieve full sandbox escape,critical for browser security in production environments.
The vulnerability enables an attacker with renderer-process access to escape the Chrome sandbox and execute arbitrary code,a critical escalation across browser security boundaries.
Critical RCE vulnerability in Chrome Chromoting component requires immediate patching; the flaw is triggered via malicious network packets and affects remote desktop usage.
The vulnerability requires an already-compromised renderer process and thus represents the second stage of a multi-stage attack chain rather than a direct remote code execution vector.
A sandbox-escape vulnerability in Chromium allows an attacker with renderer-process access to break browser isolation and execute arbitrary code on the host system,a critical risk for endpoints running Chrome or Chromium-based browsers.
A critical use-after-free vulnerability in the Chrome renderer enables sandbox escape under certain conditions, potentially leading to complete system compromise.
A critical use-after-free vulnerability in the Ozone rendering engine enables remote code execution via crafted HTML pages without requiring user interaction.
A critical use-after-free vulnerability in Chrome's Chromoting component enables remote code execution via malicious network traffic and requires immediate patching on Windows systems using Chrome remote access.
An authenticated RCE vulnerability in Fortinet FortiWeb with high CVSS score enables arbitrary code execution and requires prompt patch prioritization in network security infrastructure.
A kernel vulnerability in win32kfull allows local attackers with low-privilege access to escalate privileges on Windows systems; CVSS 7.8 and active tracking by ZDI.
The vulnerability allows attackers to deceive authenticated users, steal their session tokens, or generate persistent access tokens to inject malicious extension versions into the Open VSX supply chain.
Critical IKE vulnerability in Windows Server affects VPN infrastructure and requires immediate attention for remote-access scenarios.
A sandbox-escape vulnerability in GPU processing allows an attacker with access to the renderer process to bypass security isolation.
The vulnerability requires active user interaction (installation of a malicious extension) and thus presents a moderate, not critical, risk if user security training is effective.
A side-channel vulnerability in Chrome's Scroll mechanism allows attackers to leak confidential cross-origin data through a crafted HTML page, raising concerns about browser security against subtle timing-based exploits.
For Windows systems with Chrome: High-severity RCE through WebApp installation manipulation requires user interaction but poses elevated risk for industrial workstations.
The vulnerability enables sandbox escape after renderer process compromise, but requires prior compromise and is primarily a browser risk with no known active exploitation reported.
A use-after-free vulnerability in the QUIC protocol enables heap corruption through malicious network traffic without user interaction.
The vulnerability in the Chrome Updater enables local privilege escalation on Windows systems, but requires system access and a malicious file to exploit.
The vulnerability requires specifically manipulated UI gestures from the user, which limits the risk of opportunistic remote exploitation but enables targeted attacks against known users.
The vulnerability requires a successfully compromised renderer process as a prerequisite; it is thus relevant for multi-stage exploitation attacks but is addressed in isolation through browser updates.
The vulnerability allows an attacker with control over the renderer process to bypass site isolation, demonstrating that isolation between websites is not guaranteed when the renderer is compromised.
The vulnerability requires a pre-compromised renderer process and then enables sandbox escape , a two-stage exploitation scenario that underscores the importance of browser isolation and defense-in-depth measures.
Use-after-free in Chrome IME enables code execution within sandbox context; requires prompt patching to version 150.0.7871.47 or later.
This is a standard patch advisory for a high-severity Chrome vulnerability with no evidence of active exploitation or targeted campaigns.
High-severity RCE vulnerability in Blink requires immediate Chrome update to version 150.0.7871.47 or later to prevent sandbox escapes via crafted HTML pages.
A sandbox escape vulnerability in Google Chrome allows attackers to potentially break out of the browser sandbox via crafted HTML pages, enabling arbitrary code execution.
This is a standard patch advisory with no indication of active exploitation or specific attack campaigns.
Sandbox-escape potential through use-after-free in Chrome renderer enables an attacker with a compromised renderer process to break out of the browser sandbox , threat to endpoint security in web-based attack scenarios.
The vulnerability enables privilege escalation via crafted HTML pages once the renderer process is compromised, which is relevant for multi-stage attack chains.
Heap-corruption vulnerability in Chromium's Dawn graphics engine enables potential remote code execution via crafted HTML pages without additional user interaction.
An implementation vulnerability in Google Chrome allows remote attackers to obtain potentially sensitive information from process memory via crafted HTML pages.
A sandbox escape vulnerability in the Chrome renderer allows an attacker with control over the renderer process to break security boundaries and potentially execute system code.
A use-after-free vulnerability in Chromoting enables remote code execution via malicious network traffic, affecting Linux systems running Chrome versions prior to 150.0.7871.47.
The vulnerability requires a pre-compromised renderer process and is primarily relevant in multi-stage attack chains rather than standalone exploitation.
The vulnerability requires prior compromise of the renderer process and enables a sandbox escape , an escalation scenario relevant in targeted attacks.
This is a standard patch notice from the NVD with no indication of active exploitation or specific attack scenarios beyond the basic vulnerability description.
This vulnerability allows an attacker with a compromised renderer process to escape the sandbox via crafted HTML content, requiring timely updates of Chrome installations.
The vulnerability enables remote injection of arbitrary scripts via crafted HTML pages with high severity, posing significant risk to web-based applications and cloud services used by organizations.
A CSS implementation flaw in Chrome allows attackers to bypass the same-origin policy,a fundamental browser security model,which significantly simplifies phishing, credential harvesting, and malware vectors against end users.
A local vulnerability in the Chrome Updater enables privilege escalation on Windows systems, which is relevant for organizations with local security models, as attackers with user access can gain OS-level privileges.
A flaw in Canvas policy enforcement enables attackers to extract sensitive cross-origin data through crafted web pages, posing elevated risk to users operating across multiple web contexts.
The vulnerability allows an attacker to execute code within Chrome's sandbox; a sandbox escape is possible if combined with additional vulnerabilities.
The vulnerability enables sandbox escape through DOM manipulation via a crafted HTML page without requiring additional user interaction.
The vulnerability requires local access and file-system interaction, limiting risk in typical enterprise environments where desktop isolation and endpoint detection mechanisms are active.
This is an active, critical security flaw in a widely-used browser that can be exploited on Linux systems through minimal user-interaction social engineering.
This vulnerability enables sandbox escape following renderer compromise , a multi-stage attack posing elevated risk to Linux systems within manufacturing environments.
The vulnerability requires prior compromise of the renderer process, which restricts the practical exploitation chain and is primarily relevant in targeted attacks following initial access.
The exploit requires a previously compromised renderer process, which limits immediate exploitability but remains relevant as a second-stage attack following initial compromise.
The vulnerability requires user interaction but enables arbitrary code execution within the browser context, posing significant risk to manufacturing organizations deploying Chrome on Windows endpoints.
The sandbox escape via a heap buffer overflow in V8 enables attackers to break out of the Chrome sandbox and execute arbitrary code with user privileges.
The vulnerability requires specific UI gestures and a malicious file delivery, limiting real-world attack risk in production environments; however, prompt update to version 150.0.7871.47 or later is necessary.
A sandbox escape vulnerability in the renderer process allows an attacker with a compromised renderer to break out of browser isolation and potentially gain system-level access , a critical risk beyond mere information disclosure.
ClickFix uses API-driven backend servers to distribute polymorphic malware while bypassing Windows script scanning through novel delivery techniques.
BSI alert on multiple GNU libc vulnerabilities with broad impact on all Linux systems in production environments; urgency and details depend on the severity level of the underlying CVEs.
The BSI warns of multiple vulnerabilities in Chrome and Edge browsers without citing specific CVE IDs, suggesting this is a summary advisory covering already-known or imminent patches.
BSI warns of multiple critical vulnerabilities in Ubiquiti UniFi OS Server enabling remote code execution and data compromise , a direct threat to network infrastructure requiring urgent patching.
The BSI alert addresses local code execution in a widely deployed PDF reader commonly used for document handling in production environments; specific CVE identifiers and patch status are needed for prioritization.
An aggregation report covering ~382 partly critical CVEs in Chromium-based browsers without describing an active exploitation campaign or specific attack patterns.
Massive credential-spraying attack with 81 million login attempts against Azure CLI indicates coordinated attacks on cloud infrastructure; LSHIY hosting provider as attack infrastructure suggests organized threat actors.
BSI warns of multiple Apache vulnerabilities enabling DoS and security bypasses; without specific CVE details, this is a generic warning without immediate tactical novelty.
The BSI warns of multiple unspecified vulnerabilities in Google Chrome whose details have not yet been publicly disclosed; exact CVE numbers and patches are pending.
The BSI advisory addresses multiple vulnerabilities in widely-used Mozilla products without specifics on CVE numbers or CVSS scores; details are required for patch prioritization.
BSI warns of multiple vulnerabilities in Synology DSM without naming specific CVE identifiers; details on exact impact and patch status are not clear from this advisory.
Local code execution in Adobe Photoshop via maliciously crafted files , affects users in product development and design roles.
BSI warning for multiple vulnerabilities in Adobe Creative Cloud with code-execution potential; no specific CVE IDs or PoC status mentioned in this alert.
Threat actors distribute manipulated ScreenConnect archives disguised as legitimate freeware utilities (OBS Studio, DS4Windows, DNS Jumper, Glary Utilities) to gain access to enterprise-wide systems.
A campaign with 81 million Microsoft 365 login attempts indicates large-scale, automated attacks likely exploiting stolen or weak credentials and potentially bypassing multi-factor authentication.
The BSI warning describes multiple OpenSSL vulnerabilities without specific CVE designations or severity levels , a typical aggregated security alert for critical infrastructure, but requires clarification for prioritization.
A newly discovered RCE vulnerability in 7-Zip when processing NTFS archives requires user interaction but poses significant risk in manufacturing environments where archives are frequently exchanged.
The vulnerability requires an already-compromised renderer process and is therefore primarily an escalation mechanism after initial compromise, not a primary attack vector.
Monthly patch announcement for Chrome with 382 security fixes, of which 15 are rated critical and could allow arbitrary code execution outside the browser sandbox.
FortiBleed is actively being exploited by the Lynx ransomware group for credential theft prior to ransomware deployment, indicating coordinated attack-chain coordination.
ARToken is a fully automated PhaaS panel with 80+ API endpoints for targeted Microsoft 365 phishing, including persistent token acquisition via Microsoft Authentication Broker and SharePoint exfiltration , an escalated threat model compared to earlier EvilTokens reporting.
An out-of-bounds read vulnerability in FFmpeg within Chrome enables attackers to extract potentially sensitive data from process memory via a crafted video file.
UI spoofing vulnerability in Chrome allows attackers to impersonate browser interface via crafted HTML pages, potentially enhancing phishing campaigns.
A sandbox escape vulnerability allows an attacker with renderer process access to break out of the Chrome sandbox, enabling privilege escalation on Windows systems.
A race condition in the DataTransfer mechanism allows attackers to extract sensitive data from browser process memory via a crafted HTML page,relevant for all employees who handle confidential content in Chrome.
The CVE affects a validation flaw in Chrome's ANGLE component that allows an attacker with renderer process access to leak sensitive memory contents,a relatively low risk in stable enterprise environments.
A vulnerability in Google Chrome's WebUI allows attackers to leak cross-origin data through malicious network traffic , relevant for organizations relying on Chrome for sensitive business applications.
This is a pure patch notice with no evidence of active exploitation or campaigns in the wild.
This is a pure patch notification without reports of active exploitation or targeted campaigns; strategic relevance falls below management escalation threshold.
The vulnerability allows an attacker to bypass the same-origin policy via a crafted HTML page, potentially compromising sessions across different origins.
A side-channel vulnerability in Chromium's ComputePressure API enables exfiltration of cross-origin data through crafted HTML pages under specific conditions.
The vulnerability requires prior compromise of the renderer process; for attackers this constitutes a two-stage exploit (web-RCE + sandbox-escape) and is thus further limited in practice by modern browser isolation (e.g., Windows Sandbox, separate processes).
The vulnerability allows attackers to exfiltrate cross-origin data via malicious HTML pages,a direct threat to multi-tab and cloud-based workflows in enterprises.
A same-origin policy bypass via crafted HTML pages potentially enables cross-origin access to sensitive data in browser sessions.
The vulnerability requires deliberate user interaction (specific UI gestures) and access to a crafted HTML page, limiting attack risk to advanced social-engineering scenarios.
Although the vulnerability is rated Medium severity, it enables code execution within the browser sandbox and should be patched promptly, but is not currently documented as actively exploited.
This is a standard Chromium security update with no indication of active exploitation; the UI-spoofing vulnerability requires prior renderer-process compromise.
The vulnerability requires already-compromised renderer processes and is not known to be actively exploited; this is a standard browser patch without geopolitical or campaign implications.
Vulnerability enables bypass of same-origin policy via crafted HTML page without authentication, potentially allowing web-based attacks on locally trusted content.
A privilege escalation vulnerability in Chromoting requires a local attacker to already have file access on the system , typical of insider or post-compromise scenarios following initial compromise.
A race condition in history management enables UI spoofing, but is low-severity and requires user interaction with a crafted HTML page.
The vulnerability requires existing authentication, but does not fully reduce exposure risk for NAS systems available via remote access.
The BSI has published an update warning on multiple unspecified vulnerabilities in Firefox, Firefox ESR and Thunderbird; specific CVE identifiers and exploitation reports are not provided in this notice.
The advisory contains no CVE numbers or specific vulnerability details; this is a generic precautionary notice without current exploitation evidence.
BSI alert on Linux Kernel vulnerabilities lacks CVE details, complicating prioritization for Ubuntu deployments; specific CVEs needed for patch management.
A BSI notification regarding a vague TeamViewer vulnerability without CVE assignment and lacking detailed attack scenarios suggests preventive awareness rather than active exploitation.