Vulnerability CVE-2026-9999: Information

Description

Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2026-9999

Published: May 28, 2026

Modified: June 1, 2026

Error type identifier: CWE-269

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
chromium	sisyphus	148.0.7778.216-alt1	149.0.7827.114-alt1	ALT-PU-2026-8548-2	419541	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html	Vendor Advisory
https://issues.chromium.org/issues/513364480	Permissions Required

Affected configurations:
1. cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
  End excluding
  148.0.7778.216
  cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Version: v26.6.1