Google has rolled out an urgent fix for a sandbox escape vulnerability in Chrome on Windows that could hand attackers the keys to the underlying operating system. The flaw, indexed as CVE-2026-7973, carves a path out of the browser’s protective sandbox through the Dawn WebGPU implementation, and it’s already patched in the stable channel with version 148.0.7778.96.
Chrome’s sandbox is a bedrock defense. It traps compromised renderer processes so that even if an attacker achieves code execution inside a webpage, they’re walled off from the user’s files, network, and other applications. A sandbox escape busts through that wall. Combined with a separate renderer exploit—such a pairing is the standard “two-bug chain” in targeted attacks—CVE-2026-7973 could allow a remote attacker to install malware, steal data, or pivot deeper into the network with the same privileges as the logged-on user.
What is CVE-2026-7973?
CVE-2026-7973 is a medium-severity vulnerability in Dawn, Chromium’s cross-platform implementation of WebGPU. WebGPU is a modern graphics API that gives web applications low-level access to the GPU for games, machine learning, and video processing. Dawn handles the heavy lifting: translating JavaScript calls into native GPU commands on Direct3D 12 (Windows), Metal (macOS), and Vulkan (Linux). Because these operations often require elevated system permissions, Dawn’s GPU process rides inside the same sandbox as the renderer. The flaw lies in how that process manages memory or validates GPU commands, allowing a carefully crafted WebGPU shader or buffer operation to break through the sandbox barrier.
Chromium’s severity rating of “Medium” may feel misleading. The team reserves “High” and “Critical” for bugs that are directly exploitable without additional vulnerabilities. A sandbox escape alone usually cannot compromise a patched browser on its own—it needs a companion renderer bug. In the wild, however, attackers chain these vulnerabilities. History shows that medium-rated sandbox escapes are routinely paired with zero-day renderer flaws in advanced exploitation campaigns. For defenders, treating CVE-2026-7973 as high-priority is prudent.
Technical Details: Dawn’s Sandbox Escape
Although full technical specifics are withheld to give users time to patch, the Chromium bug database hints at memory safety issues inside Dawn’s handling of GPU buffers. WebGPU allows direct allocation of GPU memory from JavaScript. If Dawn’s validation layer misses an edge case—say, a race condition during buffer mapping or an integer overflow in a size computation—the GPU process may write outside its allocated memory region. On Windows, the sandbox relies heavily on restricted tokens and job objects. A memory corruption primitive that overwrites sandbox policy structures could elevate the process’s privileges, effectively breaking isolation.
Security researcher contributions, rewarded through Google’s Vulnerability Reward Program, likely identified the bug. Where possible, Google credits researchers in its release notes; however, no public attribution was included in the initial Chrome 148 stable channel announcement. The bug was fixed alongside seven other security patches in this release cycle, with CVE-2026-7973 being the only sandbox escape.
Affected Platforms and Versions
CVE-2026-7973 affects Google Chrome on Windows. The vulnerable versions are:
- Chrome 148.0.7778.* earlier than .96
- Edge 148.0.7778.* (based on Chromium) earlier than .96
- Other Chromium-based browsers that incorporate the Dawn WebGPU component prior to the patch
Linux and macOS builds are not indicated as affected in the advisory, though Dawn is present on those platforms. It’s possible the vulnerability is Windows-specific due to the sandboxing mechanism or GPU driver interaction. Users of Chromium derivatives should check their browser’s update cadence and apply the patch as soon as it becomes available.
Mitigation and Patch
Update Chrome immediately. The browser usually self-updates in the background, but you can trigger it manually:
- Click the three-dot menu in the top-right corner.
- Navigate to Help > About Google Chrome.
- If an update is available, it will download automatically.
- Relaunch Chrome to complete the installation.
The About page will show Version 148.0.7778.96 after the update.
Enterprise administrators can deploy the MSI installer or use Google Update policies to push the patch. Group Policy objects (GPOs) that control update cadence should be reviewed to ensure auto-update is enabled. For air-gapped environments, download the offline installer from the Chrome Enterprise download page.
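For administrators who want to confirm the result on an endpoint rather than through the About page, the following PowerShell check is an added example, not code from Google or from the original article. It compares installed browser binaries against the fixed build 148.0.7778.96 named above; the install paths are the usual defaults and are an assumption, so adjust them for custom deployments.

```powershell
# Added example (not from the article): flag Chromium-based browsers on this
# Windows host that are still below the fixed build.
$Fixed = [version]'148.0.7778.96'    # fixed version stated in the article

# Assumption: default per-machine and per-user install locations.
$Paths = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe"
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe"
    "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe"
)

# Image paths of browser processes running right now. The article notes that
# a relaunch is required to complete an update, so these need a restart too.
$RunningPaths = @(
    Get-Process -Name chrome, msedge -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Path } |
        Where-Object { $_ } |
        Sort-Object -Unique
)

$Report = foreach ($path in $Paths) {
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $text   = (Get-Item -LiteralPath $path).VersionInfo.ProductVersion
    $parsed = $null
    # TryParse keeps an unexpected version string from aborting the scan.
    $ok = [version]::TryParse($text, [ref]$parsed)

    $status = if (-not $ok) { 'UNKNOWN' } elseif ($parsed -lt $Fixed) { 'BELOW FIXED BUILD' } else { 'OK' }

    [pscustomobject]@{
        Path    = $path
        Version = $text
        Running = $RunningPaths -contains $path
        Status  = $status
    }
}

$Report | Sort-Object Status | Format-Table -AutoSize

# A non-zero exit code lets a management tool mark the host as non-compliant.
if ($Report.Status -contains 'BELOW FIXED BUILD') { exit 1 }
```

A row marked BELOW FIXED BUILD with Running set to True identifies a browser that needs both the update and a relaunch.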
As an additional layer of defense, organizations can consider disabling WebGPU entirely until patching is complete—though this may break sites that rely on WebGPU features. The flag #enable-webgpu in chrome://flags can be toggled to “Disabled,” but this is a blunt instrument and not a substitute for the update.
The Bigger Picture: WebGPU Security
WebGPU is no longer an experimental curiosity. Chrome has shipped it to billions of users, and sites like Google Maps, Photoshop for Web, and various immersive 3D experiences already use it. With that adoption comes an expanded attack surface. Unlike WebGL, which relies on OpenGL ES and a simpler validation layer, WebGPU pushes more responsibility onto the browser’s implementation. Dawn must validate every shader instruction, buffer access, and texture operation to prevent GPU memory corruption or Denial-of-Service attacks.
The Chromium team has invested heavily in fuzzing and static analysis for Dawn, but as GPU compute grows more complex, new flaws surface. CVE-2026-7973 is a reminder that even a well-audited component can harbor escape hatches. The industry should also note that Microsoft’s Edge uses the same Dawn codebase, so Chromium security fixes benefit the broader ecosystem.
Historical Context: Sandbox Escapes in Chrome
Chrome’s sandbox has been bypassed before. In 2023, CVE-2023-6345, an integer overflow in the Skia 2D library, allowed a sandbox escape via a vulnerability in the OS-level GPU process. In 2024, CVE-2024-5274 targeted a type confusion in the V8 engine that, when chained with a Win32k kernel exploit, achieved full system compromise. Each time, Google’s multi-process architecture forced attackers to combine a renderer bug with a sandbox escape, raising the cost of exploitation. CVE-2026-7973 continues this cat-and-mouse dynamic. The fact that it was rated “Medium” and fixed within the regular release cycle—rather than as an out-of-band emergency patch—suggests it was not being exploited in the wild at the time of discovery. But given the value of sandbox escapes on the exploit market, that can change quickly.
What Should Users Do?
- Update Chrome now. Verify the version. If you see a “Relaunch” button in the top-right corner, click it.
- Enable automatic updates. Chrome’s default setting is sufficient for most users. Avoid disabling the Google Update service.
- Use a standard (limited) user account for daily activities. Even if a sandbox escape succeeds, a secondary exploit is usually needed to gain administrative rights.
- Be cautious with links and attachments. Most renderer exploits require user interaction, such as visiting a malicious webpage. Phishing remains the top delivery vector.
- Consider isolating high-risk browsing via Chrome profiles or using the built-in sandbox enhancements on Windows 11 (Enhanced Phishing Protection, Defender Application Guard).
Future Outlook
WebGPU’s momentum is unstoppable. It will underpin the next generation of browser-based games, AI inference, and professional creative tools. With that comes a requirement for relentless security engineering. Google’s Chromium Security Team has indicated plans to shift Dawn toward more Rust code—Rust’s memory safety guarantees could prevent an entire class of bugs like buffer overflows—but rewriting a complex GPU stack is a multi-year endeavor. In the meantime, CVE-2026-7973 shows that even mature sandbox implementations need continuous scrutiny. Users, meanwhile, should treat Chrome updates as non-negotiable. The window between a patch and the first in-the-wild exploit is shrinking every year.