PatchSiren

CVE-2026-5879 Google CVE debrief

CVE-2026-5879 is a high-severity vulnerability (CVSS 8.8) in Google Chrome on macOS, specifically within the ANGLE graphics layer. Insufficient validation of untrusted input allows remote code execution inside the Chrome sandbox when a user visits a crafted HTML page. The vulnerability was disclosed on 2026-04-08 and last modified on 2026-05-26. Google has rated this as Medium severity per Chromium's internal scale, though NVD assigns a HIGH CVSS score. The issue affects Chrome versions prior to 147.0.7727.55 on macOS. No known exploitation in the wild has been confirmed, and the vulnerability is not listed in CISA KEV.

Vendor: Google
Product: Chrome
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-08
Original CVE updated: 2026-05-26
Advisory published: 2026-04-08
Advisory updated: 2026-05-26

Who should care

macOS users running Google Chrome; enterprise security teams managing browser deployments; organizations with bring-your-own-device policies where Chrome is permitted; security researchers tracking browser sandbox bypass techniques

Technical summary

The vulnerability resides in ANGLE (Almost Native Graphics Layer Engine), Chrome's compatibility layer for OpenGL ES on desktop platforms. Insufficient validation of untrusted input allows a remote attacker to achieve arbitrary code execution within the Chrome sandbox process. The attack requires user interaction (visiting a malicious HTML page) and results in high impact to confidentiality, integrity, and availability, per the CVSS:3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Sandbox containment limits but does not eliminate the risk, because a renderer compromise can serve as one stage of a longer exploit chain.

Defensive priority

HIGH

Recommended defensive actions

  • Update Google Chrome on macOS to version 147.0.7727.55 or later
  • Verify Chrome version via chrome://settings/help
  • Enable automatic updates for Chrome to prevent future exposure
  • Monitor for unexpected browser crashes or graphics anomalies that may indicate exploitation attempts
  • Where patching is delayed, review how untrusted HTML content is opened and restrict it to isolated environments
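
To apply the first two actions across a fleet rather than one browser at a time, the following added example (not code from PatchSiren or Google) triages an inventory export against the fixed build 147.0.7727.55. The CSV layout, hostnames and sample versions are constructed assumptions; the comparison is numeric per component, since a plain string comparison would misorder builds such as .100 and .55.

```python
import csv
import io
import re

# First fixed build for Chrome on macOS, as stated in the advisory text above.
FIXED = (147, 0, 7727, 55)

# Constructed sample inventory: hostnames and versions are invented for illustration.
SAMPLE_INVENTORY = """host,os,chrome_version
mac-001,macOS,147.0.7727.55
mac-002,macOS,147.0.7727.9
mac-003,macOS,146.0.0.1
mac-004,macOS,147.0.7727.100
mac-005,macOS,unknown
win-001,Windows,146.0.0.1
"""

VERSION_RE = re.compile(r"\d+(\.\d+){3}", re.ASCII)


def parse_version(text):
    """Return the four-part version as a tuple of ints, or None if malformed."""
    text = text.strip()
    if not VERSION_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(os_name, version_text):
    """Classify one host as out-of-scope, unknown, vulnerable or patched."""
    if os_name.strip().lower() != "macos":
        # The page's CPE data lists macOS only; this says nothing about other CVEs.
        return "out-of-scope"
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # no usable version: needs manual follow-up
    # Tuple comparison is numeric per component, so .9 < .55 < .100.
    return "vulnerable" if version < FIXED else "patched"


def triage(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["os"], row["chrome_version"]) for row in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be treated as unpatched until their version is confirmed.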

Evidence notes

Vendor advisory confirms fix in Chrome 147.0.7727.55. Chromium bug tracker entry exists but requires permissions to view full details. CPE data indicates macOS as the affected platform with Chrome as the vulnerable product.
