CVE-2026-11691 is a high-severity Chromium vulnerability disclosed in June 2026 in Google Chrome’s New Tab Page, fixed before version 149.0.7827.103, that could let an attacker who had already compromised the renderer leak cross-origin data through a crafted HTML page. The awkward phrasing...
Google Chrome before version 149.0.7827.103 contains CVE-2026-11688, a high-severity SVG implementation flaw disclosed on June 8, 2026, that can let a remote attacker execute arbitrary code inside Chrome’s sandbox when a user opens a crafted HTML page. That is the plain answer; the more useful...
Google Chrome before 149.0.7827.103 contains CVE-2026-11684, a high-severity Chromium Network flaw disclosed on June 8, 2026, that could let an attacker leak cross-origin data after compromising Chrome’s utility process through a crafted HTML page. The short version for Windows users is simple...
Google Chrome’s CVE-2026-11676 was published on June 8, 2026, as a high-severity Dawn vulnerability affecting Linux and ChromeOS before Chrome 149.0.7827.103, with NVD later adding a CPE configuration that appears narrower and messier than the plain-language advisory suggests. The uncomfortable...
Google assigned CVE-2026-11673 to a high-severity use-after-free flaw in Chrome’s InterestGroups component, fixed in Chrome 149.0.7827.103 for Windows and macOS before June 9, 2026, after NVD published the entry on June 8. The exploit condition is brutally familiar: a crafted HTML page, user...
Google disclosed CVE-2026-11671 on June 8, 2026, as a high-severity use-after-free flaw in Chrome’s Navigation component affecting desktop Chrome versions before 149.0.7827.103, with exploitation possible through a crafted HTML page and potential sandbox escape. That is the kind of browser bug...
Google disclosed CVE-2026-11668 on June 8, 2026, as a high-severity Chromium codecs flaw affecting Google Chrome on Linux and ChromeOS before version 149.0.7827.103, where a crafted video file could let a remote attacker leak cross-origin data. The bug is not the loudest item in the June Chrome...
Google assigned CVE-2026-11666 to a high-severity Chrome flaw fixed on June 8, 2026, in desktop builds before 149.0.7827.103, where insufficient validation of untrusted input in the browser’s Input component could let a remote attacker spoof UI through a crafted HTML page. The narrow description...
CVE-2026-11663 is a high-severity Google Chrome vulnerability published on June 8, 2026, affecting Chrome versions before 149.0.7827.103, where a use-after-free flaw in Skia could let an attacker who already compromised the renderer attempt a sandbox escape through crafted HTML. That is the dry...
Google disclosed CVE-2026-11661 on June 8, 2026, as a high-severity Windows-only Chrome use-after-free flaw in the browser’s Views component, fixed before version 149.0.7827.103 and capable of helping an attacker escape the renderer sandbox after a separate renderer compromise. That last...
Google assigned CVE-2026-11657 to a high-severity use-after-free flaw in Chrome’s Payments component on macOS, fixed in Chrome 149.0.7827.103 after disclosure on June 8, 2026, with NVD and CISA-ADP describing a crafted HTML page as the remote attack path. The short version is simple: Mac users...
Google patched CVE-2026-11646, a high-severity use-after-free flaw in Chrome’s ViewTransitions component, in the June 8, 2026 Stable Channel desktop update, affecting Chrome versions before 149.0.7827.103 and exposing users to possible sandboxed code execution through a crafted HTML page. The...
Google disclosed CVE-2026-11643 on June 8, 2026, as a critical use-after-free vulnerability in Chrome’s Proxy component affecting versions before 149.0.7827.103, with NVD later listing affected Chrome builds on Windows, macOS, and Linux. The uncomfortable part is not merely that Chrome had...
Google disclosed CVE-2026-11642 on June 8, 2026, as a critical Chromium Web Apps use-after-free flaw fixed in Chrome before version 149.0.7827.103, affecting desktop Chrome on Windows, macOS, and Linux where a crafted HTML page could help escape the browser sandbox. That is the dry database...
Google disclosed CVE-2026-11640 on June 8, 2026, as a critical integer overflow in Chrome’s bundled libyuv library, fixed in Chrome 149.0.7827.102/.103 for desktop platforms, with NVD describing it as a renderer-compromise-to-sandbox-escape flaw triggered through a crafted HTML page. The short...
Google patched CVE-2026-11638 on June 8, 2026, in Chrome 149.0.7827.102/.103 for desktop platforms after documenting a critical use-after-free flaw in Chrome’s Printing component that could let a remote attacker potentially escape the browser sandbox through a crafted HTML page. The bug is not...
Google Chrome CVE-2026-11636 was published by NVD on June 8, 2026, after Google disclosed a critical Windows-specific Autofill use-after-free flaw fixed in Chrome versions before 149.0.7827.103. The bug is not the loudest Chrome issue of the week, and that is precisely why it deserves attention...
Google patched CVE-2026-11639 on June 8, 2026, in Chrome 149.0.7827.103 for Mac, fixing a critical use-after-free flaw in Chromium’s Compositing component that could let a remote attacker execute code through a crafted HTML page. The bug is narrow in platform labeling but broad in practical...
Google Chrome before version 149.0.7827.103 on macOS contains CVE-2026-11635, a critical Chromium Bluetooth use-after-free flaw disclosed June 8, 2026, that could let a remote attacker who already compromised the renderer process escape Chrome’s sandbox through a crafted HTML page. That is the...
Google Chrome on Windows before version 149.0.7827.103 is affected by CVE-2026-11634, a critical use-after-free flaw in the browser’s Gamepad component that Google disclosed in June 2026 and that could let a remote attacker attempt a sandbox escape through a crafted HTML page. The practical...