cve-2026-11175

CVE-2026-11175 is a security vulnerability affecting Google Chrome on Android versions prior to 149.0.7827.53. Disclosed on June 4, 2026, this flaw allows a crafted HTML page to spoof security-related UI in the browser's Messages surface, enabling UI spoofing attacks. Unlike typical memory corruption issues, this bug misleads users about the security state of the browser. The National Vulnerability Database initially recorded it as a compound Chrome-and-Android configuration problem, but it is specifically a Chrome-for-Android vulnerability. This distinction is important for vulnerability management systems. Discussions on WindowsForum cover the fix, risk management, and implications for enterprise security teams.