Google released an urgent update for Chrome on macOS on Tuesday, pushing version 150.0.7871.47 to the Stable channel and slamming the door on a dangerous sandbox escape vulnerability. The flaw, catalogued as CVE-2026-13785, carries a near‑maximum CVSS score of 9.6 and allows a remote attacker to break out of the browser’s protective sandbox using nothing more than a specially crafted HTML page and a few clicks from the victim. While the vulnerability is specific to Apple’s desktop operating system, it sends a clear warning to the entire Chrome user base—including the millions on Windows 11 and Windows 10—that browser‑based exploits remain one of the most lucrative attack vectors.
The fix arrived as an out‑of‑band release, typical for high‑severity sandbox bugs that can be chained with other exploits to achieve full system compromise. Google’s advisory remains characteristically terse, confirming only that a “sandbox escape” was fixed for macOS and that the company is aware of reports that an exploit for this vulnerability exists in the wild. No further technical details have been disclosed, consistent with Google’s policy to withhold specifics until a majority of users have applied the patch.
What exactly changed — Chrome 150.0.7871.47 for Mac
For Mac users, the update from any prior version of Chrome to 150.0.7871.47 replaces a vulnerable component inside the browser’s sandbox logic. CVE-2026-13785 involves a flaw that allows a remote attacker to escape the sandbox after a victim visits a malicious website and performs a specific sequence of mouse clicks, drags, or other UI gestures. The sandbox is designed to isolate web content from the rest of the operating system, so escaping it means an attacker could execute arbitrary code outside Chrome’s protected memory space—potentially installing malware, stealing credentials, or tampering with the system without leaving obvious traces.
The attack scenario described in the advisory is a two‑stage compromise. First, the attacker must deliver a crafted HTML page, likely via a phishing link, a malvertisement, or a compromised legitimate site. Second, the victim must interact with the page in a way that triggers the escape—this is not a “zero‑click” exploit but still falls well within the range of social engineering tricks that users fall for daily. Google has not shared the exact UI gesture required, presumably to delay copycat attacks, but it could be as simple as clicking a fake dialog, dragging a fake scrollbar, or accepting a full‑screen prompt.
The CVSS 3.1 vector string highlights the seriousness: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. Translated, that means the attack can be launched remotely over a network, requires no special privileges, and needs only user interaction (the “R” for “Required”) to achieve a complete compromise of confidentiality, integrity, and availability, all while escaping Chrome’s security boundary (scope change). This combination of low attack complexity and high impact places it among the most critical Chrome vulnerabilities disclosed this year.
The update was pushed to the Stable channel for macOS first. Windows and Linux versions of Chrome did not receive this specific patch, confirming that the root cause is tied to the macOS sandbox implementation—perhaps a flaw in the inter‑process communication framework, a bypass of Mach kernel entitlements, or a weakness in the way Chrome interacts with the macOS seatbelt sandbox.
What this means for you — Mac users, Windows users, and IT admins
If you’re running Chrome on a MacBook, iMac, or Mac mini, this is a “stop everything and update” moment. Open Chrome, click the three‑dot menu, go to Help > About Google Chrome, and let the browser download and install version 150.0.7871.47. The update process takes less than a minute, and while Chrome normally updates itself silently, manual checking eliminates any delay. If you use multiple browsers based on Chromium—such as Microsoft Edge, Brave, or Opera—keep an eye on their release notes, as they often incorporate upstream fixes within a few days.
For Windows and Linux users, the immediate risk from this specific CVE is zero. The vulnerability is bound to macOS’s sandbox architecture, so there is no direct threat to your machine. However, this does not mean you should ignore the news. First, the same Chrome version string (150.0.7871.47) will roll out to Windows and Linux as a routine stable update soon, and it will include other security fixes that haven’t been disclosed yet—perhaps even similarly rated vulnerabilities that Google deemed “high” or “critical” but are platform‑independent. Second, the existence of a public sandbox escape on one platform often hints at architectural weaknesses that attackers will probe on others. In 2021, a Chrome sandbox escape (CVE-2021-21148) was initially reported as Windows‑only, but further research revealed it could be adapted to macOS and Linux within weeks.
IT administrators who manage fleets of Macs should treat this as a priority‑one patch. Use your MDM solution or Chrome’s enterprise policies to force an immediate update on all managed Mac devices. For Windows environments, there is no equivalent patch to push, but this is an excellent opportunity to audit your browser update compliance. A surprising number of organizational Chrome installations lag behind stable channel releases by weeks, leaving them exposed to other known vulnerabilities. Set Chrome to update automatically via Group Policy or your configuration management tool, and consider enabling the “Click to Play” for plugins and stricter site isolation policies as additional layers of defense.
How we got here — a brief history of Chrome sandbox escapes
The Chrome sandbox is one of the most scrutinized pieces of software security in the world. It has been battle‑tested for over a decade and has survived multiple Pwn2Own contests where well‑funded teams attempt to break it. Sandbox escapes are therefore rare, and when they appear, they command seven‑figure bounty payments from Google’s Vulnerability Reward Program. CVE-2026-13785 is only the fourth sandbox escape with a public exploit in the wild since 2020.
The macOS sandbox implementation differs from Windows and Linux in important ways. While Windows version relies on a restricted token and job object model, and Linux uses user namespaces and seccomp‑BPF, macOS leverages the Seatbelt sandbox driven by the sandbox‑init/exec mechanism. This means a bug in the macOS‑specific code can exist without affecting other platforms. Google’s security team has repeatedly noted that maintaining a consistent sandbox abstraction across operating systems is “an ongoing engineering challenge,” and the code that enforces sandbox policies often contains platform‑specific quirks.
CVE-2026-13785 appears to be just such a quirk. The mention of “specific UI gestures” suggests the escape may involve tricking the macOS window server or the browser’s UI process into believing a permission dialog originated from a trusted source inside the sandbox. Similar techniques were used in past macOS‑only escapes, including a 2019 bug that exploited a race condition in the way Chrome handed off file picker requests to the operating system.
The discovery was likely made by an external researcher or by Google’s own Project Zero or Threat Analysis Group, which routinely hunts for zero‑days being used in targeted attacks. The assignment of a 2026 CVE ID confirms the bug was registered this year and patched relatively quickly—Google typically has a 14‑day remediation window for critical severity issues, but that can be compressed to 24 hours when active exploitation is detected.
What to do now — concrete steps for everyone
Start by checking your Chrome version right now. On any desktop platform, type chrome://settings/help into the address bar. If your version is below 150.0.7871.47, Chrome should begin downloading the update automatically. Once it completes, a “Relaunch” button will appear—save your work and click it. If you see “Chrome is up to date” and the version number matches, you’re protected. If you’re on Windows and still on version 149.x or earlier, your browser will update to 150.0.7871.47, but without the macOS‑specific sandbox fix. That’s still a good thing, because even minor releases contain dozens of other patches.
Enable automatic updates if you’ve previously turned them off. On Windows, Chrome’s updater runs as a scheduled task; ensure it isn’t disabled by corporate policy. For home users, the simplest check is to look for the three‑dot menu’s color: a green or orange indicator means an update has been waiting for more than 2 days, and an immediate restart is overdue.
Consider using a secondary browser for high‑risk activities until the patch has been deployed everywhere in your organization. While this specific bug doesn’t affect Windows, it’s a zero‑day for Mac, and many Windows users dual‑boot or work in multi‑OS environments where a compromised Mac could pivot to Windows networks.
For those who want to go further, enable Chrome’s “Strict site isolation” flag at chrome://flags/#enable-site-per-process. This forces each website into a separate renderer process, making it much harder for a compromised renderer to leverage a sandbox escape against any other site’s data. Also, switch to a standard (non‑administrator) user account for daily browsing. Many post‑exploitation tools require elevated rights to install persistence, and a sandbox escape from a limited account still leaves the attacker at a lower privilege level.
Businesses should evaluate their proxy and endpoint detection and response (EDR) tools. A sandbox escape that doesn’t generate a known malware signature can still be caught by behavioral analysis—for example, an unusual child process of Chrome, like a shell or a binary downloading additional payloads, should trigger an immediate alert.
Finally, pay attention to Chrome’s release blog and the CVE database in the coming days. Once the majority of users are patched, Google will publish a detailed post‑mortem that often includes the root cause and lessons learned. That intelligence can help defenders understand whether the same technique might be portable to another OS.
Outlook — what to watch next
This sandbox escape is the most severe Chrome vulnerability disclosed so far this year, and it will almost certainly be discussed at security conferences and exploited by less sophisticated attackers once full technical details leak. For Mac users, the immediate threat will fade as updates propagate. For Windows shops, the key takeaway is that browser escapes are still a reality—and that a platform‑specific bug can evolve into a cross‑platform threat. Google’s rapid response and transparent CVSS scoring are commendable, but they also underscore the fact that no piece of software that touches the web is truly bulletproof.
Keep an eye on the Chromium issue tracker for any supplementary commits that might hint at a parallel fix for Windows. If such a fix appears in a subsequent release, it would suggest the bug’s root cause was broader than initially believed. For now, update your browser, check your security posture, and treat every crafted HTML page as a potential weapon.