Google shipped Chrome 150.0.7871.47 for macOS on June 30, 2026, containing a fix for a sandbox escape vulnerability tracked as CVE-2026-14097. The flaw, rooted in the browser’s WebAppInstalls component, could allow an attacker who has already compromised the Chrome renderer to break out of the sandbox and execute code on the host system. Windows and Linux versions are not affected by this specific bug, but the update is a stark reminder that keeping Chrome current is non-negotiable — especially when sandbox boundaries are at stake.

A flaw in the WebAppInstalls pipeline

The vulnerability sits inside Chrome’s WebAppInstalls implementation, a subsystem that handles Progressive Web App (PWA) installations. When a user installs a PWA, Chrome passes a series of parameters — manifest data, icons, and sometimes service worker registrations — through a pipeline that interfaces with the operating system. CVE-2026-14097 stems from a weakness in how that pipeline validates data crossing the sandbox boundary on macOS. An attacker who first seizes control of the renderer (through a separate bug, like a memory corruption in the JavaScript engine) could craft a malicious PWA installation request that confuses the sandbox logic and escapes confinement.

Google’s advisory classifies the bug as High severity — one step below Critical — because it requires an existing renderer compromise. But for anyone who regularly interacts with the web, that’s a small hurdle. Modern exploit chains often chain a renderer memory bug with a sandbox escape to achieve full system takeover. Closing the escape route is the difference between a browser crash and a persistent malware infection.

The fixed version, Chrome 150.0.7871.47, is rolling out now via the browser’s built-in update mechanism. The Chrome Releases blog entry for this version does not mention any other security fixes, suggesting this was a targeted patch pushed out as soon as the flaw was verified. Google has not said whether the bug was exploited in the wild before the patch, nor has it credited a specific researcher — details that usually emerge later when the company updates its CVE page.

What this means for you

If you use Chrome on a Mac, update immediately. The sandbox is the last line of defense between a hijacked tab and your documents, browser profiles, and local files. Without it, any malicious website that successfully pops the renderer — via a zero-day or an unpatched build — can potentially install software, steal credentials, or pivot to other devices on your network.

For Windows and Linux users, this specific CVE does not apply. Chrome on those platforms uses different sandbox configurations and inter-process communication paths, so the WebAppInstalls bug is macOS-only. That said, Google often bundles backported fixes for other platforms in the same release, and the version bump to 150.0.7871.47 ships for all operating systems. You should update regardless — there’s almost always a grab bag of less-publicized Low and Medium fixes included.

IT administrators and MDM managers should push the update through whatever software distribution tool they use. Chrome’s managed updates can be enforced via Group Policy on Windows or a configuration profile on macOS, and this is precisely the kind of vulnerability that justifies enabling automatic updates with aggressive deadlines.

Developers who ship PWAs should take note, too. A flaw in WebAppInstalls doesn’t mean PWAs are inherently insecure, but it’s a reminder that the installation path is a rich attack surface. When you build a PWA, you trust the browser to sandbox that installation process — a bug here echoes far downstream.

How we got here: a brief history of Chrome sandbox escapes

Chrome’s sandboxing architecture separates the browser into multiple processes. The renderer — handling HTML, JavaScript, and CSS — runs with minimal privileges and can only communicate with the outside world through tightly controlled IPC channels. The broker process, running at higher integrity, mediates those calls. A sandbox escape is an attack that finds a hole in that mediation layer.

CVE-2026-14097 isn’t the first macOS-specific sandbox escape in recent memory. In 2022, a vulnerability in Chrome’s USB enumeration logic (CVE-2022-2856) allowed a compromised renderer to execute arbitrary commands on macOS by abusing the IOKit interface. A year before that, CVE-2021-38003 was an escape via the File System Access API that affected all platforms but was particularly severe on macOS due to the way entitlements are granted. In each case, the sandbox boundary is only as strong as its weakest system-call filter — and macOS’s unique mix of Mach ports, XPC services, and app sandbox entitlements keeps security engineers busy.

The WebAppInstalls pipeline has been a target before, too. In 2023, a bug in the system-level installation of PWAs on Windows (CVE-2023-5480) allowed a malicious site to install a PWA without any user prompt. That one didn’t escape the sandbox, but it showed how the installation path can be subverted to create persistence. Today’s flaw goes further by breaking out entirely.

Google’s security model is built on defense-in-depth: even if the renderer falls, the sandbox should hold. That makes sandbox escapes disproportionately dangerous because they defeat the assumption that a compromised page is contained. Bounties for sandbox escapes are high — the Chrome Vulnerability Reward Program pays up to $15,000 for a high-quality escape report — and Google rushes patches for these bugs with unusual speed.

What to do now

Update Chrome on every device you manage. On macOS, open Chrome, click the three-dot menu, choose Help > About Google Chrome. The browser will check for updates and prompt you to relaunch if version 150.0.7871.47 is available. On Windows and Linux, the same procedure applies; while you won’t get the macOS-specific fix, you’ll receive whatever other patches are bundled with the release.

Verify the version. After updating, navigate to chrome://version and look for “Google Chrome 150.0.7871.47” — if you see an earlier build, the update hasn’t been applied. Enterprise users can cross-check via Chrome’s msi installer or by pushing the latest stable package through their software management tool.

Enable automatic updates if you haven’t already. Chrome updates itself silently by default, but some organizations disable this to control rollout timing. If you must gate updates, set a policy that forces installation within 48 hours for security fixes rated High or above.

Watch for the CVE details. Google typically withholds the full technical write-up until a majority of users have patched, to delay weaponization. Once the details appear on the Chrome Releases blog or the CVE database, administrators can assess whether any local software (like legacy PWAs or custom installation scripts) might be affected by similar misconfigurations.

Beyond Chrome: check other Chromium browsers. Browsers like Edge, Brave, and Opera share the Chromium engine and often lag behind Chrome’s patch cycle by a few days. Each vendor will pull the fix into their own tree; you can check their respective release notes for the same CVE number. If you rely on one of these browsers, its update channel should be monitored just as rigorously.

Outlook

Expect a detailed post-mortem from Google’s Chrome Security team within a week or two, possibly with credit to the researcher who found the bug. The WebAppInstalls codebase will almost certainly get a broader security review now that a sandbox escape has been traced to it. For the rest of us, June 30’s patch is a reminder that the sandbox is a barrier that breaks in surprising places — and that the “restart your browser” prompt deserves attention every time it appears.