CVE-2026-9889: Out of bounds read and write in Google Chrome
Out of bounds read and write in Dawn in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
AI Analysis
Technical Summary
This vulnerability in Google Chrome for Android involves out of bounds memory access (read and write) within the Dawn component. Such memory corruption can potentially be exploited by a remote attacker to escape the browser's sandbox environment, increasing the attacker's privileges and potentially compromising the device. The issue affects versions prior to 148.0.7778.216. Although the vulnerability is classified as critical by Chromium security, no CVSS score or detailed remediation guidance is currently provided. The vendor advisory linked does not explicitly confirm patch availability or mitigation steps.
Potential Impact
Successful exploitation could allow a remote attacker to escape the sandbox in Google Chrome on Android, potentially leading to execution of arbitrary code with elevated privileges. This increases the risk of device compromise. However, there are no known exploits in the wild at this time, and the exact impact depends on exploitation success.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Users should update Google Chrome on Android to version 148.0.7778.216 or later once available. Until then, exercise caution when browsing untrusted websites. Monitor the official Google Chrome release blog for updates regarding fixes.
CVE-2026-9889: Out of bounds read and write in Google Chrome
Description
Out of bounds read and write in Dawn in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVSS v3.1
Score 8.3high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Google Chrome for Android involves out of bounds memory access (read and write) within the Dawn component. Such memory corruption can potentially be exploited by a remote attacker to escape the browser's sandbox environment, increasing the attacker's privileges and potentially compromising the device. The issue affects versions prior to 148.0.7778.216. Although the vulnerability is classified as critical by Chromium security, no CVSS score or detailed remediation guidance is currently provided. The vendor advisory linked does not explicitly confirm patch availability or mitigation steps.
Potential Impact
Successful exploitation could allow a remote attacker to escape the sandbox in Google Chrome on Android, potentially leading to execution of arbitrary code with elevated privileges. This increases the risk of device compromise. However, there are no known exploits in the wild at this time, and the exact impact depends on exploitation success.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Users should update Google Chrome on Android to version 148.0.7778.216 or later once available. Until then, exercise caution when browsing untrusted websites. Monitor the official Google Chrome release blog for updates regarding fixes.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-05-28T17:24:44.271Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html","vendor":"Google"}]
Threat ID: 6a18c65de29bf47b503b50b3
Added to database: 5/28/2026, 10:49:01 PM
Last enriched: 5/29/2026, 12:05:19 AM
Last updated: 5/29/2026, 5:33:00 PM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.