CVE-2026-6921
Google · Chrome
A race condition exists within the GPU component of Google Chrome on Windows, affecting versions prior to 147.
Executive summary
A critical race condition in the Google Chrome GPU process on Windows creates an opportunity for attackers to compromise system security.
Vulnerability
The vulnerability involves a race condition in the GPU processing component, which could allow an unauthenticated attacker to execute arbitrary code or cause a system crash through malicious web content.
Business impact
A CVSS score of 8.3 indicates a high risk of remote code execution or system instability. Successful exploitation could allow an attacker to escape the browser sandbox, potentially leading to full user-level compromise of the host machine and subsequent access to corporate resources.
Remediation
Immediate Action: Update all instances of Google Chrome on Windows to version 147 or later as soon as the update is released.
Proactive Monitoring: Employ endpoint detection and response (EDR) solutions to monitor for suspicious browser-initiated child processes or unexpected GPU driver behavior.
Compensating Controls: Utilize browser security policies to disable non-essential features and enforce the latest security patches through centralized management software.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Browser vulnerabilities are frequent targets for exploitation. Organizations should ensure that automated update mechanisms for Chrome are enabled and verified, ensuring all endpoints are patched to version 147 to eliminate this race condition risk.