Google released an out‑of‑band security update for Chrome on Windows and macOS on June 30, 2026, sealing a critical vulnerability in the ANGLE graphics translation layer that a remote attacker could use to escape the browser’s sandbox and seize control of a user’s machine. The flaw, tracked as CVE‑2026‑13780, was rated Critical and shipped in Chrome version 150.0.7871.47. It marks the first zero‑day sandbox escape of the year for the world’s most widely used browser.
The flaw: what actually changed
The bug lived inside ANGLE (Almost Native Graphics Layer Engine), an open‑source library that Chrome uses to convert WebGL calls into the native graphics API of the underlying operating system—Direct3D on Windows, Metal on macOS, and Vulkan on Linux/Android. According to Google’s advisory, the component performed insufficient validation of certain WebGL commands, allowing a malicious shader or buffer operation to corrupt memory in a way that let the GPU process break out of its sandbox and reach the broker process.
Because Chrome splits rendering work across three process fences—the renderer sandbox (least trusted), the GPU process sandbox, and the broker (the user’s regular desktop privileges)—an attacker needs two bugs to pull off a full system compromise: first, a renderer bug to inject code into the sandboxed rendering process, and second, a sandbox‑escape bug like CVE‑2026‑13780 to punch through to higher privilege. Google did not disclose whether this particular flaw was already being combined with a renderer exploit in the wild, but the out‑of‑band release on a Monday afternoon suggests the company considered the risk urgent.
The update also fixes a second vulnerability, CVE‑2026‑13781, a use‑after‑free in the File System API that allowed a compromised renderer to write arbitrary files outside the sandbox. While the two bugs are independent, they could be chained together to achieve remote code execution with a single visit to a malicious or compromised website.
What it means for you
If you run Chrome on a Windows or macOS laptop, desktop, or tablet, an unpatched browser is vulnerable to a “one‑click” attack. Merely browsing to a website that serves poisoned WebGL content—often via a malicious advertisement, a compromised third‑party JavaScript library, or a supply‑chain attack on a legitimate site—could allow an attacker to implant malware, steal credentials, or deploy ransomware without any additional user interaction.
Home users should treat this as an emergency patch. Even if you have automatic updates enabled, Chrome’s update cycle can sometimes lag by several hours. The moment you finish reading this article, open the Chrome menu (three dots) → Help → About Google Chrome; the browser will immediately check for the update and prompt you to restart. After the restart, verify the version number matches 150.0.7871.47 or higher.
IT administrators face a more urgent workload. Because Google revealed that the renderer component of the attack chain might already be in circulation, every endpoint that is allowed to browse the web should be considered a potential stepping stone into the corporate network.
- Inventory all managed Chrome installations—on Windows via Group Policy or SCCM, on macOS via MDM profiles.
- Check for the latest version using Google’s Chrome Enterprise release notes.
- Force an immediate update via your management console; do not wait for the regular patch cycle.
- Review web‑filtering logs for any evidence of unusual WebGL traffic, especially to unfamiliar domains.
- If your organization allows guest networks or BYOD devices, notify employees immediately.
Developers and power users who build or maintain WebGL applications should review their code for constructs that might trigger the ANGLE bug, though doing so without the still‑private technical details is largely impossible. More practically, ensure your own browsers are updated before you test anything that lives on the public internet.
How we got here
ANGLE has been a cornerstone of Chrome’s graphics stack for over a decade, born out of the need to run WebGL content on Windows without requiring users to install heavyweight OpenGL drivers. As WebGL grew into a full‑fledged API capable of delivering browser‑based games, CAD tools, and machine‑learning demos, the attack surface of ANGLE ballooned. Every new GLSL shader optimization, every Vulkan‑to‑Metal translation path, introduced fresh opportunities for memory corruption.
Sandbox escapes that originate in the GPU process are particularly dangerous because the GPU sandbox historically had a larger system‑call surface than the renderer sandbox. While Google has been tightening both sandboxes over the last five years—most notably on Windows with the adoption of AppContainer and allow‑listed system calls—each update that closes one door often reveals a window. In 2024 alone, the Chrome Vulnerability Rewards Program paid out over $1 million for GPU‑process sandbox escapes, a clear signal that they are both highly sought by attackers and difficult for defenders to prevent entirely.
CVE‑2026‑13780 is the third ANGLE‑related sandbox escape patched in the last 18 months. Last February, a similar insufficient‑validation bug in the D3D12 backend led to an exploit chain that researchers at Kaspersky linked to a cyber‑espionage group. The steady recurrence suggests that fuzzing efforts, while aggressive, still struggle to keep pace with the combinatorial explosion of graphics driver paths that ANGLE exposes.
Notably, Google has been gradually migrating Chrome’s graphics pipeline toward what it calls “Renderer‑GPU isolation v2,” which would further decompose the GPU process and limit what a single corrupt shader can access. The v2 architecture has been available as an experimental flag since Chrome 128 and was scheduled to become the default in Chrome 152. The June 30 patch may accelerate that timeline.
What to do now
-
Update immediately. The patch is live in the stable channel. Go to
chrome://settings/helpor use the system’s package manager on Linux. The update also covers Edge, Brave, Vivaldi, and any other Chromium‑based browser that has adopted the latest stable build—though each vendor’s release cadence may differ, so check their respective update pages. -
Enable the new GPU isolation flag as a temporary hardening measure (power users). Paste
chrome://flags/#enable‑renderer‑gpu‑isolation‑v2into the address bar, set the flag to Enabled, and relaunch Chrome. This re‑compartmentalizes the GPU process and may break the exploit chain even if a similar bug resurfaces. Note that the flag is experimental; some WebGL‑intensive sites might show minor rendering glitches. -
For enterprise admins: deploy the administrative template for Chrome 150 and set the
Auto-updatepolicy to force‑update all clients within 24 hours. Use theBackgroundModeEnabledpolicy to keep Chrome alive long enough to fetch the update over corporate networks. Detailed guidance is available in Google’s Chrome Browser Cloud Management documentation. -
Monitor for unusual GPU activity. On Windows, the
chrome://gpupage will show the ANGLE backend in use (D3D11,D3D12, orOpenGL). While this does not indicate compromise, a sudden switch in backend—triggered by a driver installation or a flag—could point to an attacker trying to massage the rendering pipeline into a vulnerable state. -
If you suspect you’ve been targeted, collect logs from
chrome://conflictsand the Windows Event Viewer for any suspicious process launching after a browser crash, and report the incident to your security vendor or national CERT.
Outlook
Google stated it will release the full technical write‑up of CVE‑2026‑13780 no sooner than 14 days after the patch, following its standard responsible‑disclosure policy. Security researchers often reverse‑engineer patches within hours, so detailed exploit techniques will likely become public before the two‑week window closes. That gives attackers a narrow window to weaponize the bug against stragglers. Unless your systems have an iron‑clad reason to delay, patching in the first 48 hours is the single best defense.
The broader takeaway is that browser sandbox escapes—once considered exotic—are now a routine tool in the attacker’s arsenal. Chrome’s multi‑process architecture depends on every level of the sandbox keeping its promise. When one level fails, the user’s desktop is no more secure than if they had been running an unsandboxed application. The ANGLE component, because it sits at the intersection of web content and native driver complexity, will continue to be a prime target. Keep auto‑updates on, stay current, and assume that any browser you haven’t restarted in the last week is already yesterday’s risk.