Multiple Sandbox Escape Vulnerabilities in Google Chrome Disclosed
Severity: Medium (Score: 57.8)
Sources: Endorlabs
Published: · Updated:
Keywords: chromium, google, chrome, prior, allowed, remote, attacker
Severity indicators: ot, CVE:CVE-2026-10966, CVE:CVE-2026-10966
Summary
Two critical vulnerabilities, CVE-2026-11112 and CVE-2026-10966, were published on June 4, 2026, affecting Google Chrome versions prior to 149.0.7827.53. CVE-2026-11112 involves insufficient validation of untrusted input in Chromoting, allowing potential sandbox escapes via crafted Chrome Extensions. CVE-2026-10966 relates to inappropriate implementation in Codecs, enabling attackers to exploit crafted video files for similar sandbox escapes. Both vulnerabilities pose significant risks to users on Linux systems. The severity of CVE-2026-10966 is rated high, while CVE-2026-11112 is rated medium. Users are advised to update their browsers to mitigate these risks. Key Points: • CVE-2026-11112 allows sandbox escape via crafted Chrome Extensions on Linux. • CVE-2026-10966 enables exploitation through crafted video files, rated high severity. • Both vulnerabilities affect Google Chrome versions prior to 149.0.7827.53.
Detailed Analysis
**Impact** Google Chrome users on Linux platforms running versions prior to 149.0.7827.53 are affected by these vulnerabilities. Successful exploitation could allow remote attackers to escape the browser sandbox, potentially leading to unauthorized system access. This poses risks to organizations relying on Chrome for secure browsing, particularly those handling sensitive data or operating in high-security environments. No specific sectors, geographies, or numbers of affected users were provided. **Technical Details** Two vulnerabilities are involved: CVE-2026-11112 affects the Chromoting component via insufficient validation of untrusted input in Chrome Extensions, classified as medium severity; CVE-2026-10966 involves an inappropriate implementation in Codecs allowing sandbox escape through crafted video files, classified as high severity. Both require remote attacker control of renderer processes and occur before version 149.0.7827.53. No malware, tools, or infrastructure indicators were detailed. These exploits target the sandbox escape stage of the kill chain. **Recommended Response** Apply the Google Chrome update to version 149.0.7827.53 or later immediately to remediate both vulnerabilities. Monitor for unusual renderer process behavior and crafted Chrome Extensions or video files attempting to exploit sandbox escape. Harden browser configurations by restricting extension installations and disabling automatic video playback where feasible. No specific IOCs were provided for blocking.
Source articles (2)
- CVE-2026-11112 — Endorlabs · 2026-06-06
Insufficient validation of untrusted input in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sa… - CVE-2026-10966 chromium — Endorlabs · 2026-06-06
Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:…
Timeline
- 2026-06-04 — CVE-2026-11112 published: Insufficient validation in Chromoting allows potential sandbox escape via crafted Chrome Extensions.
- 2026-06-04 — CVE-2026-10966 published: Inappropriate implementation in Codecs enables sandbox escape via crafted video files.
- 2026-06-06 — Vulnerabilities reported: Endorlabs published articles detailing the vulnerabilities and their potential impact on users.
CVEs
Related entities
- Zero-day Exploit (Attack Type)
- CWE-20 - Improper Input Validation (Cwe)
- T1203 - Exploitation for Client Execution (Mitre Attack)
- Chromium (Platform)
- Linux (Platform)
- Google Chrome (Tool)
- Chromium Inappropriate Implementation In Codecs (Vulnerability)