cve-2026-11172

CVE-2026-11172 is a medium-severity Chromium vulnerability affecting Google Chrome on Android before version 149.0.7827.53. Published June 4, 2026, the flaw involves incorrect Contact Picker security UI that could allow a remote attacker to spoof interface cues via a crafted HTML page. Unlike typical memory-corruption bugs, this issue targets the boundary between browser trust, Android permissions, and user intent. Discussions on WindowsForum cover what enterprises must do to mitigate the risk, emphasizing that this type of UI spoofing is increasingly critical in modern web security. The tag aggregates threads and resources for IT administrators and security professionals managing Chrome deployments on Android devices.