PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-9916 Google CVE debrief

CVE-2026-9916 is an out-of-bounds write vulnerability in ANGLE, the graphics layer used by Google Chrome. The flaw exists in versions prior to 148.0.7778.216 and was assigned High severity by the Chromium security team. A remote attacker who has already compromised the renderer process can exploit this vulnerability to potentially escape the Chrome sandbox via a crafted HTML page. The vulnerability was published to the CVE database on May 28, 2026, with a subsequent modification on May 29, 2026. The underlying weakness is categorized as CWE-787 (Out-of-bounds Write). No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

Vendor
Google
Product
Chrome
CVSS
HIGH 8.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-28
Original CVE updated
2026-05-29
Advisory published
2026-05-28
Advisory updated
2026-05-29

Who should care

Organizations with managed Chrome deployments, security teams responsible for browser security, and endpoints with users who may encounter adversarial web content. Priority should be given to environments where sandbox escapes would significantly expand attacker access.

Technical summary

The vulnerability resides in ANGLE (Almost Native Graphics Layer Engine), which translates OpenGL ES API calls to platform-specific graphics APIs. An out-of-bounds write condition allows memory corruption that can be leveraged to escape the Chrome sandbox when combined with a prior renderer process compromise. The attack vector requires user interaction with a malicious HTML page, and the vulnerability is exploitable remotely. The fix was released in Chrome Stable Channel update 148.0.7778.216.

Defensive priority

high

Recommended defensive actions

  • Update Google Chrome to version 148.0.7778.216 or later to remediate this vulnerability.
  • Prioritize patching on endpoints where users browse untrusted or adversarial web content, as successful exploitation requires prior renderer compromise but enables sandbox escape.
  • Monitor for anomalous renderer process behavior or unexpected sandbox escape attempts as potential indicators of exploitation.
  • Review application control policies to restrict execution of outdated Chrome versions where automatic updates are not enabled.

Evidence notes

Vulnerability description and severity rating sourced from official Chromium security advisory. CWE-787 classification confirmed via NVD metadata. Vendor attribution to Google Chrome based on source references from [email protected].

Official resources

2026-05-28