PatchSiren cyber security CVE debrief
CVE-2026-10929 Google CVE debrief
CVE-2026-10929 is a High-severity vulnerability in Google Chrome's ANGLE (Almost Native Graphics Layer Engine) component. The issue is a heap buffer overflow that occurs when processing a crafted HTML page, potentially allowing a remote attacker who has compromised the renderer process to escape the sandbox.
- Vendor
- Product
- Chrome
- CVSS
- HIGH 8.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Users of Google Chrome on Android, particularly those who may be exposed to malicious HTML pages.
Technical summary
The vulnerability exists in the ANGLE component of Google Chrome on Android versions prior to 149.0.7827.53. A remote attacker who has compromised the renderer process can exploit this issue by providing a crafted HTML page, potentially leading to a sandbox escape.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Be cautious when opening HTML pages from untrusted sources.
Evidence notes
This CVE was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-10929) and detailed further on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-10929).
Official resources
-
CVE-2026-10929 CVE record
CVE.org
-
CVE-2026-10929 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
-
Source reference
[email protected] - Permissions Required
CVE-2026-10929 was published on 2026-06-04T23:16:55.323Z and modified on 2026-06-05T20:10:26.850Z.