Critical (9.6)

Chrome Android GPU sandbox escape (CVE-2026-6920)

CVE-2026-6920, a sandbox escape bug in Chrome for Android, lets attackers execute code on the host device. Update to Chrome 147.0.7727.117.

Affected: Google Chrome, Google Android, Linux Kernel, Microsoft Windows

Patch now - CVE-2026-6920 is a critical sandbox escape vulnerability in Google Chrome for Android prior to 147.0.7727.117 that lets attackers break out of Chrome’s sandbox and execute arbitrary code on the device after compromising the renderer process. Update your browser immediately to prevent full device takeover.

Overview

CVE-2026-6920 is an out-of-bounds read vulnerability in the GPU component of Google Chrome on Android, patched in version 147.0.7727.117. An attacker who first compromises the renderer process can exploit this flaw to break out of Chrome’s sandbox protections and execute code on the host Android system. This is classified as a high-severity issue by Chromium with a CVSS score of 9.6, indicating critical risk.

Technical Details

The vulnerability exists in Chrome’s GPU process handling on Android devices. When a specially crafted HTML page is rendered, the GPU component reads memory outside its allocated buffer, leaking sensitive data or corrupting memory that sandbox protections should have isolated. Since the attacker can trigger this from the renderer level, it provides a direct escalation path from limited JavaScript execution to full device compromise.

Impact Assessment

Successful exploitation requires two conditions: the attacker must first compromise the renderer process (typically via a separate browser bug or malicious Chrome extension), then convince a user to visit a crafted HTML page. No user interaction beyond browsing is needed for the second stage. If exploited, the attacker gains the same privileges as the Chrome GPU process on Android, effectively bypassing the sandbox. This allows installing malware, stealing local data, or executing arbitrary commands on the device. The risk is elevated on Android because sandbox escape can lead to broader mobile device compromise.

Affected Versions

All Google Chrome versions on Android prior to 147.0.7727.117 are vulnerable. Users of Chrome on desktop platforms are not affected - this bug is Android-specific due to the GPU component implementation.

Remediation

Apply the Chrome update to version 147.0.7727.117 or later immediately. On Android, Chrome automatically updates via Google Play, but users should verify their version:

  • Open Chrome on Android
  • Navigate to Settings > About Chrome
  • Confirm the version is 147.0.7727.117 or higher

Enterprise administrators managing Chrome on corporate Android devices should enforce update policies through Google Play or MDM solutions.
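For fleet-wide verification, the version check above can be automated. The following is an added example, not part of the original advisory: it audits a constructed inventory against the fixed version 147.0.7727.117, and the CSV layout, column names and device IDs are assumptions standing in for an MDM export.

```python
import csv
import io

# Fixed version stated in the advisory.
FIXED = "147.0.7727.117"

# Constructed sample inventory (device IDs, column names and the non-fixed
# version numbers are illustrative assumptions, not real fleet data).
SAMPLE_INVENTORY = """device_id,chrome_version
pixel-0012,147.0.7727.117
galaxy-0458,147.0.7727.99
tablet-0031,146.0.7680.153
pixel-0077,148.0.7750.12
kiosk-0003,unknown
"""


def parse_version(text):
    """Return a 4-tuple of ints for a Chrome version, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text, fixed=FIXED):
    """Classify one version string as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # fail closed: unparseable entries need manual review
    # Tuple comparison is numeric per component, so 7727.99 < 7727.117;
    # a plain string comparison would get this case wrong.
    return "patched" if version >= parse_version(fixed) else "vulnerable"


def audit(inventory_csv, fixed=FIXED):
    """Map each device_id in the CSV to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["device_id"]: classify(row["chrome_version"], fixed)
            for row in reader}


if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as "unknown" should be treated as unpatched until their version is confirmed.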

Security Insight

This GPU sandbox escape marks another case where Chrome’s complex GPU stack, written in C++ and shared with other Chromium-based browsers, creates a privilege escalation weak point on mobile devices. The CVSS 9.6 score reflects that while exploitation is not trivial, the consequence of sandbox compromise on Android is total device takeover. Google’s aggressive patching timeline (within 24 hours of disclosure) shows they recognize GPU memory safety bugs as a persistent weakness in their otherwise robust sandbox architecture.
