HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-10924Published Modified CNA Chrome

CVE-2026-10924: Integer overflow in Chromecast in Google Chrome prior to 149

Integer overflow in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Metrics

CVSS v3.1
8.3
Severity
HIGH
Fixed in
149.0.7827.53
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An integer overflow in the Chromecast component of Google Chrome before version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape the browser sandbox via a crafted HTML page. The vulnerability is reachable over the network but requires the victim to interact with a malicious page, and exploitation depends on non-trivial environmental factors given the high attack complexity rating. Successful exploitation gives the attacker full confidentiality, integrity, and availability impact outside the sandbox boundary, effectively achieving code execution at a higher privilege level. A patched-image rebuild at 149.0.7827.53 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-10924 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all container images in customer registries and CI/CD pipelines, including custom-built images that bundle a Chrome or Chromium binary.

Available
Triage

HarborGuard scores this CVE at CVSS 8.3 HIGH and weights it against each environment's compliance policy to determine urgency; the resulting finding is routed to the appropriate team inbox inside each customer organization based on configured ownership rules.

Available
Patch

A patched-image rebuild at Chrome 149.0.7827.53 becomes available through HarborGuard the moment the fixed base image or package is resolvable from upstream. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the victim's browser over the network, typically by hosting or injecting a crafted HTML page that the victim navigates to.

  • AuthenticationNot required

    No authentication is needed; the attacker does not need any account or credential on the target system.

  • Victim interactionRequired

    The victim must visit or be directed to a crafted HTML page, making this a social-engineering-dependent attack vector.

  • Attack complexityDetail

    Attack complexity is rated High, meaning exploitation depends on additional preconditions beyond the attacker's direct control, specifically that the renderer process must already be compromised before the sandbox escape can be attempted.

Blast Radius

  • A successful attacker reads data accessible outside the Chrome sandbox, including stored credentials, session tokens, and files on the host filesystem.
  • The attacker can write or modify data on the host, including user files and persistent application state outside the browser's normal isolation boundary.
  • The attacker can crash or destabilize host-level processes, causing service disruption beyond the browser tab or profile.
  • Because scope is changed (S:C in the CVSS vector), impact extends beyond the vulnerable component itself, meaning the attacker gains capabilities in the broader host environment, not just within Chrome.

How HarborGuard Handles This

Available on HarborGuard: images containing a Chrome or Chromium binary below version 149.0.7827.53 are flagged automatically as affected by this CVE within minutes of the advisory entering upstream feeds. Where compliance policy permits, HarborGuard can trigger a patched-image rebuild at 149.0.7827.53, execute a regression test run against the rebuilt image, and open a pull request against affected workloads; for high-severity CVEs, the median time from publication to a merged patch PR for environments with auto-remediation enabled is around 90 minutes. For customers who have not enabled auto-remediation, the finding is surfaced in the HarborGuard dashboard with the fix version clearly indicated, allowing engineering teams to act on it manually. Given that exploitation requires a pre-compromised renderer, network-policy controls that restrict outbound connections from Chrome-based workloads can reduce the practical risk surface while a patch is being applied.

See how HarborGuard automates this

Fix available

149.0.7827.53
Affected packages
  • Google / Chrome
    < 149.0.7827.53 (from 149.0.7827.53)
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
References