Google Chrome ANGLE graphics engine OOB read/write sandbox escape (CVSS 9.6); Chrome 149 record 429-patch release

cve · CVE-2026-10881

Coverage timeline

first 2026-06-07 → last 2026-06-07

Briefs

1 distinct

Sources cited

40 hosts

Sections touched

trending_vulns

Co-occurring entities

see Related entities below

Story timeline

2026-06-07CTI Daily Brief — 2026-06-07
trending_vulnsFirst coverage. Chrome 149 (149.0.7827.53) patches record 429 CVEs incl. CVE-2026-10881 ANGLE OOB read/write sandbox escape (CVSS 9.6); no ITW; verify managed-fleet update.

Where this entity is cited

trending_vulns1

Source distribution

attack.mitre.org21 (23%)
cloud.google.com10 (11%)
thehackernews.com7 (8%)
bleepingcomputer.com5 (5%)
securityweek.com4 (4%)
helpnetsecurity.com4 (4%)
aikido.dev2 (2%)
cert.ssi.gouv.fr2 (2%)
other37 (40%)

Related entities

Google Threat Intelligence Group AI Threat Tracker (May 2026) — first AI-generated zero-day exploit ITW; AI-augmented malware (CANFAIL, LONGSTREAM, PROMPTFLUX, HONESTCUE); state-actor Gemini abuse (UNC2814, APT45, APT27, UNC5673)
annual-reportannual-report:gtig-ai-threat-tracker-may-2026×1
Google Threat Intelligence Group — Europe Data Leak Landscape 2025 (Germany dominant, 96% of victims <5,000 employees)
annual-reportannual-report:gtig-europe-2025×1

External references

NVD · cve.org · CISA KEV

All cited sources (92)

Items in briefs about Google Chrome ANGLE graphics engine OOB read/write sandbox escape (CVSS 9.6); Chrome 149 record 429-patch release (1)

CVE-2026-10881 — Google Chrome (ANGLE graphics engine): out-of-bounds read/write enabling sandbox escape (CVSS 9.6)

From CTI Daily Brief — 2026-06-07 · published 2026-06-07 · view item permalink →

Google shipped Chrome 149 (stable 149.0.7827.53/54) on 2026-06-02, patching 429 vulnerabilities — the largest single-release count in Chrome's history, with over 100 rated critical or high (Google Chrome Releases, 2026-06-02; SecurityWeek, 2026-06-05). The highest-severity externally-reported fix is CVE-2026-10881 (CVSS 9.6), an out-of-bounds read and write in ANGLE — Chrome's graphics-translation layer that maps WebGL/GPU calls to the host graphics API — which SecurityWeek reports remote attackers could exploit to escape Chrome's sandbox via a crafted HTML page, with no interaction beyond visiting the page. The sandbox-escape class is the consequential one for enterprises: a renderer compromise chained through ANGLE yields code execution in the browser process, the launch point for subsequent host privilege-escalation chains. No in-the-wild exploitation has been reported. Chrome auto-updates, but managed and extended-stable fleets routinely lag; verify deployment has reached 149.0.7827.53+ via asset inventory or the ADMX update policy, and confirm no MDM version-pin is holding endpoints back. Maps to T1203 (Exploitation for Client Execution).

CVE Summary Table

The table consolidates the CVE-bearing items across this brief; only CVE-2026-10881 is a § 2 trending-vulnerability entry — the Keycloak and FFmpeg rows are cross-references to § 5 and § 3 respectively.

CVE	Product	CVSS	EPSS	KEV	Exploited	Patch	Source
CVE-2026-10881	Google Chrome ANGLE graphics engine	9.6	~0.04	No	No	Chrome 149.0.7827.53+	SecurityWeek
CVE-2026-9704	Keycloak < 26.6.3 (token exchange)	n/a	n/a	No	No	Keycloak 26.6.3	Keycloak
CVE-2026-4874	Keycloak < 26.6.3 (OIDC token endpoint)	n/a	n/a	No	No	Keycloak 26.6.3	Keycloak
CVE-2026-39210	FFmpeg (TS demuxer; +8 numbered)	n/a	n/a	No	No (PoC public)	Upstream fix commits	depthfirst