CVE-2026-11088: Integer overflow in ANGLE in Google Chrome prior to 149
Integer overflow in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Metrics
- CVSS v3.1: 9.6
- Severity: CRITICAL
- Fixed in: 149.0.7827.53
- Affected Products: 1
HarborGuard Analysis
Synopsis
An integer overflow vulnerability in ANGLE, the graphics abstraction layer used by Google Chrome, allows a remote attacker who has already compromised the renderer process to escape Chrome's sandbox via a crafted HTML page. The CVSS vector indicates the attack is reachable over the network, requires no authentication, but does require the victim to visit a malicious page, and carries critical severity at 9.6. Successful exploitation gives the attacker full read, write, and crash capabilities outside the sandbox, effectively breaking the browser's primary containment boundary. A patched-image rebuild at version 149.0.7827.53 is available on HarborGuard for environments running an affected version of Chrome.
HarborGuard Coverage
Detection for CVE-2026-11088 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds, including custom-built images that bundle a Chromium or Chrome binary. Any container image carrying a Chrome version below 149.0.7827.53 will surface this finding in the scan results.
HarborGuard scores this finding at CVSS 9.6 Critical and weights it against each environment's compliance policy to determine breach-of-threshold alerting and routing. Triage tickets are routed to the appropriate team inbox inside each customer organization based on image ownership and policy configuration.
A patched-image rebuild pinned to Chrome 149.0.7827.53 or later becomes available through HarborGuard the moment the fix version is confirmed in upstream advisory feeds. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression suite against the updated image, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker delivers the exploit over the network by directing the victim to a crafted HTML page hosted on a remote origin.
- Authentication: Not required
No account or credential is needed; any unauthenticated user browsing to the malicious page can be targeted.
- Victim interaction: Required
The victim must open or be redirected to the attacker-controlled HTML page, making social engineering or malicious ad delivery the primary delivery mechanism.
- Attack complexity: Low
Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors beyond a successful prior renderer compromise.
Blast Radius
- A successful attacker escapes the Chrome renderer sandbox and executes arbitrary code in the context of the browser process on the victim host.
- With sandbox escape achieved, the attacker reads files, credentials, and session tokens accessible to the browser process user account.
- The attacker writes or modifies files on the host filesystem and can install persistent payloads outside the browser's sandboxed storage.
- The attacker can crash or destabilize the browser process and any dependent services running under the same user context.
How HarborGuard Handles This
Available on HarborGuard: any container image embedding Chrome below 149.0.7827.53 is flagged Critical immediately upon scan, with findings visible in the dashboard and routed per each environment's compliance policy. Where auto-remediation is enabled, HarborGuard rebuilds the image at the fixed version, executes a regression run, and opens a pull request against affected workloads; for Critical-severity issues, the median time from CVE publication to merged patch PR in environments with auto-remediation enabled is around 90 minutes. For environments where auto-remediation is not enabled, the finding appears in the triage queue with the fix version pre-populated so engineers can act without additional research. Because this vulnerability requires a pre-existing renderer compromise as a precondition, teams should also consider network-policy controls that restrict outbound connectivity from containers running Chrome-based tooling, reducing the attacker's ability to reach command-and-control infrastructure even if the renderer is compromised.
Fix available
- Google / Chrome: < 149.0.7827.53 (fixed in 149.0.7827.53)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H