CVE-2026-10020

high

Published 2026-05-28 · Modified 2026-05-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

8.3

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.3

Description

Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Predictions

Exploit likelihood

89%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2026-10020 NameCVE-2026-10020 DescriptionInsufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat,…

CVE-2026-10020

Name	CVE-2026-10020
Description	Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
chromium (PTS)	bullseye (security), bullseye	120.0.6099.224-1~deb11u1	vulnerable
	bookworm	147.0.7727.137-1~deb12u1	vulnerable
	bookworm (security)	148.0.7778.178-1~deb12u1	vulnerable
	trixie	147.0.7727.137-1~deb13u1	vulnerable
	trixie (security)	148.0.7778.178-1~deb13u1	vulnerable
	forky, sid	148.0.7778.178-1	vulnerable
libskia (PTS)	forky, sid	146.20260414~git.ef5f213+dfsg-4	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency
chromium	source	bullseye	(unfixed)	end-of-life
chromium	source	(unstable)	(unfixed)
libskia	source	(unstable)	(unfixed)	unimportant

Notes

[bullseye] - chromium <end-of-life> (see #1061268)
Root cause for vulnerability is not in libskia (and fixed outside of Skia source)

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

[bullseye] - chromium <end-of-life> (see #1061268)Root cause for vulnerability is not in libskia (and fixed outside of Skia source)

OS impact

OS	Version	Status
debian	bookworm	affected
debian	bullseye	affected
debian	forky	affected
debian	sid	affected
debian	trixie	affected

References

CWEs

CWE-20

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.