You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
chrome sandbox escape
About this tag
The chrome sandbox escape tag on WindowsForum covers high-severity vulnerabilities in Google Chrome on Windows that allow attackers to break out of the browser's sandbox after compromising a renderer process. Recent discussions focus on CVE-2026-11679, a use-after-free flaw in Codecs affecting Chrome before version 149.0.7827.103, and CVE-2026-7914, a Windows-only accessibility bug fixed in Chrome 148.0.7778.96. Both require an initial renderer compromise and involve chained exploitation, making them strategically important for defenders. The tag highlights the nuance of Windows-specific Chrome exposures and the complexity of vulnerability management.
Google’s Chrome team assigned CVE-2026-13920 on June 30, 2026, to a Windows-only Chrome Media input-validation flaw fixed in Chrome 150.0.7871.47, where an attacker who had already compromised the renderer could potentially use a crafted HTML page to escape the browser sandbox. The National...
Google Chrome CVE-2026-11679, published by NVD on June 8, 2026 and modified on June 9, affects Chrome on Windows before version 149.0.7827.103, where a use-after-free flaw in Codecs could let a renderer-compromising attacker attempt a sandbox escape via crafted HTML. The short answer to the CPE...
Google and the Chromium project disclosed CVE-2026-7914 on May 6, 2026, describing a high-severity Windows-only Chrome accessibility bug fixed in Chrome 148.0.7778.96 that could let an attacker escape the browser sandbox after first compromising a renderer process. That short description is...