External risk intelligence

ANGLE Use After Free in Chrome Allows Sandbox Escape

CVE advisorySeverity: CRITICAL (CVSS 9.6)

CVE-2026-14390

This vulnerability affects a client-side web browser. While it requires the user to load a crafted page, the browser itself is not an internet-facing service, gateway, or appliance that is remotely accessible by design. It functions as a client application, making it a very unlikely candidate for persistent public-internet-facing attack surface exposure.

Use After Free

Google Chrome

before 150.0.7871.46

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory concerns a use-after-free vulnerability in ANGLE, a component used by Google Chrome. The issue could allow an attacker to escape the browser's sandbox by tricking a user into visiting a malicious webpage. While the technical details involve complex memory management, the high severity rating suggests a potential for significant impact if exploited. The primary concern is confirming if this specific technology is used within the organization and assessing any potential exposure.

  • ANGLE vulnerability allows sandbox escape.
  • Confirms relevance and exposure for potential impact.
  • Understand potential risks and confirm usage.

Attack Path

How an attacker could exploit the issue

An attacker could start by luring a user to a malicious website. If the user visits this site using a vulnerable browser, the browser's ANGLE component could be manipulated through a "use after free" flaw. This could allow the attacker to break out of the browser's security sandbox, potentially leading to broader system compromise.

  • User visits a malicious website.
  • Crafted HTML page triggers vulnerability.
  • Potential sandbox escape and system compromise.

Live Threat

Current exploitation, exposure, and threat context

A use-after-free vulnerability in ANGLE, a component of Google Chrome, could allow a remote attacker to escape the browser's sandbox. This could occur when a user visits a specially crafted HTML page. The sandbox escape may lead to unauthorized access to system resources beyond the intended browser environment.

  • Browser sandbox and system data.
  • Via a crafted HTML page.
  • Potential for system-level compromise.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in ANGLE, used by Google Chrome, requires immediate attention from teams responsible for end-user computing and application security. The first step is to inventory all endpoints running the affected browser version, determine if they are accessible from the internet, and then confirm the accountable owner for managing browser updates and user experience. Planning for remediation should be risk-based, considering the potential for sandbox escapes and data compromise.

  • Identify affected end-user systems.
  • Verify exposure and business criticality.
  • Plan targeted browser updates.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the ANGLE component in Google Chrome?

ANGLE is an open-source graphics engine abstraction layer within Chromium. It translates standard graphics API calls, like OpenGL, into the native API used by your operating system, such as DirectX or Vulkan. It ensures that 3D content and hardware-accelerated graphics render correctly across different devices and platforms.

What does the use-after-free weakness mean in CVE-2026-14390?

A use-after-free, categorized as CWE-416, occurs when software continues to use a memory pointer after that memory has been cleared or released. In this vulnerability, an attacker can manipulate how ANGLE manages memory, potentially regaining control over the freed space to execute unauthorized commands and break out of the browser's security sandbox.

How is this Chrome vulnerability triggered?

This flaw is triggered when a user navigates to a specifically crafted HTML page designed to exploit memory mismanagement in ANGLE. Simply having the browser installed or running in the background does not trigger the bug; it requires the user to actively load the malicious content within the browser.

Is my organization at risk according to Halo Surface Signal?

Halo Surface Signal notes that since Chrome is a client-side application rather than a server or gateway, it is a very unlikely candidate for persistent public-internet-facing attack surface exposure. While a user could be targeted by a malicious link, the browser is not remotely accessible by design as an internet-facing service.

How should I respond to this browser security update?

The immediate priority is to identify systems running versions of Chrome older than 150.0.7871.46. Once you have an inventory of these endpoints, coordinate with your IT or desktop management teams to ensure the browser software is updated to the latest stable release to patch the ANGLE component.

References