CVE-2026-14382: Sandbox Escape Vulnerability in ANGLE in Google Chrome Prior to 150.0.7871.46
A sandbox-escape vulnerability allows attackers to break out of the Chrome sandbox via crafted HTML pages and potentially gain higher system privileges.
Comparing 2 July 2026 with the previous day 25 June 2026.
A sandbox-escape vulnerability allows attackers to break out of the Chrome sandbox via crafted HTML pages and potentially gain higher system privileges.
The vulnerability requires an already-compromised renderer process as a prerequisite, making it primarily relevant as a privilege escalation mechanism rather than as a standalone entry point.
The vulnerability allows an attacker to potentially bypass Chrome's sandbox through a crafted HTML page and gain access to system resources.
The vulnerability allows an attacker with access to the renderer process to achieve a sandbox escape, significantly increasing the risk of complete system compromise.
A sandbox-escape vulnerability in Google's ANGLE rendering engine potentially allows remote code execution with elevated privileges via crafted HTML pages, with no documented active exploitation in the wild yet.
The sandbox escape requires prior renderer process compromise but is critical for attackers who already have initial code execution within the browser.
The vulnerability enables sandbox escape following renderer process compromise, representing a local privilege-escalation risk on already-compromised endpoints.
A use-after-free vulnerability in Chrome's Dawn component enables sandbox escape and potential arbitrary code execution with elevated privileges , a critical threat to endpoints, particularly in production environments using Chrome.
A use-after-free in the Skia rendering engine enables sandbox escapes via crafted HTML pages, allowing remote code execution on the host system and representing one of the highest severity levels.
An out-of-bounds vulnerability in Chrome's Dawn graphics engine potentially enables sandbox escape via crafted HTML pages with no confirmed active exploitation in the wild.
A use-after-free vulnerability in the ANGLE graphics library enables potential sandbox escape via crafted HTML pages, with no evidence of active exploitation in the wild.
Successful exploitation requires a pre-compromised renderer process, limiting risk to multi-stage attack scenarios, but the sandbox escape represents a critical privilege-escalation vector.
Sandbox-escape vulnerability in Chrome requires a pre-compromised renderer process, limiting practical exploitation but still warranting timely patching.
This is a standard security patch notification with no evidence of active exploitation or coordinated attack campaigns in the wild.
A critical use-after-free vulnerability in Google's ANGLE rendering engine allows an attacker to bypass Chrome's sandbox and execute arbitrary code with elevated privileges , a direct escalation risk for endpoint infection.
State-sponsored threat actors (APT29/Cloaked Ursa, UNC6692) are actively using compromised Microsoft Teams accounts to impersonate IT support and harvest credentials with documented success against targeted organizations.
A critical remote code execution vulnerability in 7-Zip enables arbitrary code execution by unauthenticated remote attackers , immediate mitigation required.
An authentication vulnerability in Check Point Remote Access VPN and Mobile Access is being actively exploited; attackers can establish VPN sessions without credentials and potentially access internal networks.
Sandbox-escape vulnerability in V8 allows attackers to execute code with elevated privileges via crafted HTML pages, but is documented as a standard patch advisory with no evidence of active exploitation.
An out-of-bounds read vulnerability in Chrome's ANGLE renderer allows extraction of sensitive data from process memory; this is already patched in Chrome version 150.0.7871.46 and later.
The vulnerability allows leaking data across origin boundaries via crafted HTML pages, potentially enabling attackers to access sensitive information from other websites within the same browser.
The vulnerability affects the ANGLE graphics library in Chrome and enables memory read access via crafted HTML pages, potentially exposing sensitive process memory data.
This is a standard advisory on a patched Chromium CVE with no indication of active exploitation or strategic implications for Swiss industry.
This CVE is a standard browser security vulnerability with no geopolitical or supply-chain implications; it requires routine patch management like any other Chrome update.
An integer overflow vulnerability in Google's V8 JavaScript engine enables remote code execution within Chrome's sandbox through crafted HTML pages and requires timely patching.
The vulnerability enables sandbox escape via Type Confusion in V8; this is significant for Chrome users in production environments exposed to advanced web-based exploits.
This is a standard security patch notification for an already-reported Chrome vulnerability with no indication of active exploitation or targeted campaigns.
The BSI warns of multiple undisclosed vulnerabilities in Google Chrome; details are not yet published, complicating timely patch monitoring.
No changes in this category.
No changes in this category.
A Cisco SD-WAN zero-day was actively exploited for months prior to disclosure, with evidence of file deletion and system configuration restoration by the attacker to evade detection.
The official Swiss security report 2026 designates Russia as Europe's greatest threat with aggressive hybrid warfare directly targeting Switzerland in cyberspace, critical infrastructure, and espionage , a strategic signal for Swiss manufacturing SMEs.
Gamaredon is escalating its malware obfuscation and command-and-control infrastructure evasion capabilities, signalling an intensification of Russian cyber operations against European targets.
German Federal Office for the Protection of the Constitution warns of targeted Chinese espionage in academic and research institutions , a strategic risk for European technology and manufacturing industry through leakage of sensitive research findings.
After a global lull in 2024,2025, ransomware gangs have actively refocused on Europe and are deliberately targeting EU organizations and their supply chains,a strategic risk for Swiss and European manufacturing enterprises.
The BSI advisory aggregates multiple critical Exchange vulnerabilities without naming specific CVEs, indicating a regularly updated collective warning.
The BSI warns of multiple critical vulnerabilities in OpenSSL that can enable remote code execution, security bypasses, and data loss.
Race-condition vulnerability in Linux kernel memory management with potential for memory corruption under concurrent access to memcg lists.
A stack buffer overflow in the netfilter implementation allows kernel-memory corruption and potential code execution when specific nft rule combinations are processed.
More than half of the vulnerabilities are use-after-free defects that can lead to remote code execution; prompt patching is required.
Cisco Talos documents systematically how malware exploits COM interfaces for lateral movement, persistence, and evasion , a fundamental defensive competency for Windows-heavy infrastructure defenders.
The BSI has issued a security advisory on multiple vulnerabilities in Adobe Acrobat DC and Adobe Acrobat Reader DC enabling remote code execution and privilege escalation, though specific CVE identifiers are not named in this notice.
BSI warns of multiple Chrome vulnerabilities not yet fully disclosed; details remain embargoed until patches are available.
Chrome 149.0.7827.196/197 patches 18 vulnerabilities including four critical flaws; no indication of active in-the-wild exploitation yet, but Chrome zero-days have been exploited multiple times this year.
A flaw in error-handling during iptables/netfilter rule processing allows leaking internal kernel memory addresses, potentially bypassing KASLR mitigation.
The vulnerability enables a kernel crash (DoS) through missing validation before skb_pull() in GRO network processing and potentially affects all protocols handling fragmented packets via GRO.