CVE-2026-6921

Google · Chrome

A race condition exists within the GPU component of Google Chrome on Windows, affecting versions prior to 147.

Executive summary

A critical race condition in the Google Chrome GPU process on Windows creates an opportunity for attackers to compromise system security.

Vulnerability

The vulnerability involves a race condition in the GPU processing component, which could allow an unauthenticated attacker to execute arbitrary code or cause a system crash through malicious web content.

Business impact

A CVSS score of 8.3 indicates a high risk of remote code execution or system instability. Successful exploitation could allow an attacker to escape the browser sandbox, potentially leading to full user-level compromise of the host machine and subsequent access to corporate resources.

Remediation

Immediate Action: Update all instances of Google Chrome on Windows to version 147 or later as soon as the update is released.

Proactive Monitoring: Employ endpoint detection and response (EDR) solutions to monitor for suspicious browser-initiated child processes or unexpected GPU driver behavior.

Compensating Controls: Utilize browser security policies to disable non-essential features and enforce the latest security patches through centralized management software.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Browser vulnerabilities are frequent targets for exploitation. Organizations should ensure that automated update mechanisms for Chrome are enabled and verified, ensuring all endpoints are patched to version 147 to eliminate this race condition risk.