HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-10949Published Modified CNA Chrome

CVE-2026-10949: Heap buffer overflow in Video in Google Chrome prior to 149

Heap buffer overflow in Video in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Metrics

CVSS v3.1
8.3
Severity
HIGH
Fixed in
149.0.7827.53
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A heap buffer overflow vulnerability exists in the Video component of Google Chrome prior to version 149.0.7827.53. The flaw is reachable over the network but requires a victim to interact with a crafted HTML page, and the attacker must have already compromised the renderer process; the CVSS score reflects a high-complexity attack chain. Successful exploitation enables a sandbox escape, giving the attacker read and write access to memory outside the sandboxed renderer with high impact to confidentiality, integrity, and availability. A patched-image rebuild at version 149.0.7827.53 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle Chrome or Chromium. Any image carrying a Chrome version below 149.0.7827.53 is flagged automatically.

Available
Triage

HarborGuard scores this CVE at CVSS 8.3 (HIGH) and surfaces it accordingly in each customer's triage queue, weighted against the environment's active compliance policy. Routing rules direct the finding to the team or inbox configured for high-severity browser-component issues within each customer org.

Available
Patch

A patched-image rebuild pinned to Chrome 149.0.7827.53 is available for any image HarborGuard identifies as affected. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads without requiring manual intervention.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the crafted HTML page over the network, so the target Chrome instance must be reachable by or browsing content served from a remote origin.

  • AuthenticationNot required

    No account or credential is needed to serve the malicious page to a victim; the attack requires no prior authentication to the target.

  • Victim interactionRequired

    The victim must visit or be redirected to the attacker-controlled HTML page, making this a social-engineering or drive-by delivery scenario.

  • Attack complexityDetail

    Attack complexity is high: the attacker must have already compromised the renderer process before the overflow can be used for a sandbox escape, introducing a significant prerequisite beyond the initial page load.

Blast Radius

  • A successful sandbox escape lets the attacker execute code outside the Chrome sandbox with the privileges of the browser process, breaking the primary isolation boundary that Chrome relies on.
  • The attacker gains high-confidentiality impact, meaning they can read memory, credentials, cookies, and session data held by the browser process outside the sandboxed renderer.
  • High-integrity impact means the attacker can write to or corrupt data structures and files accessible to the browser process, including persisted profile data and locally stored credentials.
  • High-availability impact means the attacker can crash or destabilize the browser process, causing a denial of service for the affected user session.

How HarborGuard Handles This

Available on HarborGuard: any image containing Chrome below 149.0.7827.53 is detected and queued for remediation within minutes of CVE publication. A rebuilt image at the fixed version (149.0.7827.53) is available immediately upon detection. For customers with auto-remediation enabled, HarborGuard rebuilds the affected image, runs regression tests, and opens a pull request against affected workloads; for high-severity issues, the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation active. Where compliance policy does not permit automatic remediation, the finding is routed to the appropriate team inbox with full CVSS context and a direct reference to the fix version so engineers can act manually. Given the sandbox-escape nature of this flaw and its high-complexity prerequisite (renderer compromise), customers who cannot immediately patch are advised to consider network-policy controls that restrict which origins Chrome instances in containerized workloads can reach, reducing the attacker's ability to deliver the crafted page.

See how HarborGuard automates this

Fix available

149.0.7827.53
Affected packages
  • Google / Chrome
    < 149.0.7827.53 (from 149.0.7827.53)
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
References