VYPR
Vypr IntelligenceAI-generatedJun 4, 2026· 6 CVEs

Google Chrome ANGLE: Six Medium-to-High Severity Bugs Disclosed Together

Six vulnerabilities affecting Google Chrome's ANGLE graphics engine were disclosed on June 4, 2026, with potential impacts ranging from information disclosure to sandbox escapes.

Key findings

  • Six vulnerabilities in Google Chrome's ANGLE graphics engine disclosed on June 4, 2026.
  • Vulnerabilities range in severity from Medium to High.
  • Potential impacts include sandbox escapes and sensitive information disclosure.
  • All issues affect Chrome versions prior to 149.0.7827.53.
  • Patched in Google Chrome version 149.0.7827.53.

On June 4, 2026, a cluster of six vulnerabilities impacting the ANGLE (Almost Native Graphics Layer Engine) component within Google Chrome was disclosed. These vulnerabilities, all affecting versions prior to 149.0.7827.53, were published within minutes of each other, indicating a coordinated disclosure event. The issues carry security severities ranging from Medium to High, with potential consequences including sandbox escapes and sensitive information disclosure.

The disclosed vulnerabilities primarily stem from insufficient validation of untrusted input and memory management errors within ANGLE. Specifically, CVE-2026-11113, CVE-2026-11066, and CVE-2026-11043 are related to insufficient input validation, with the latter two potentially allowing for sandbox escapes. CVE-2026-11043 specifically notes an out-of-bounds write vulnerability on macOS.

Further compounding the issues are memory-related vulnerabilities. CVE-2026-11005 describes an out-of-bounds read in ANGLE on Windows, which could lead to the disclosure of sensitive process memory. Similarly, CVE-2026-10930, a high-severity out-of-bounds read vulnerability on macOS, also allows for unauthorized memory access. CVE-2026-11104, another medium-severity vulnerability, involves uninitialized use in ANGLE, potentially leading to the leakage of sensitive information from process memory.

All six vulnerabilities were identified as affecting Google Chrome versions prior to 149.0.7827.53. The descriptions suggest that an attacker would need to have already compromised the renderer process to exploit most of these flaws, often through a crafted HTML page. However, the potential for sandbox escapes and sensitive data exfiltration highlights the severity of these issues.

Google has addressed these vulnerabilities by releasing Chrome version 149.0.7827.53. Users are strongly advised to ensure their Google Chrome installations are updated to this latest version to mitigate the risks associated with these newly disclosed ANGLE vulnerabilities. The coordinated disclosure of these six bugs underscores the ongoing importance of keeping web browsers updated to protect against sophisticated attacks targeting rendering engines.

AI-written article. Grounded in 6 CVE records listed below.