cve 2026 11010

CVE-2026-11010 is a high-severity use-after-free vulnerability in Chrome on Android's WebShare feature, disclosed by Google on June 4, 2026. The flaw was fixed before Chrome version 149.0.7827.53. A notable aspect of this CVE is the discrepancy between Chromium's own "Medium" severity rating and CISA's ADP process scoring it as high. Additionally, NVD configuration data may inaccurately describe Chrome plus Android as a combined affected platform, while the bug is specific to Chrome on Android. This distinction matters for patch automation, exposure management, compliance, and risk reporting. The tag covers discussions on severity label mismatches, CPE confusion, and the implications for vulnerability management workflows.