cve 2026 11178

CVE-2026-11178 is a medium-severity Chromium WebView policy-bypass vulnerability affecting Google Chrome on Android before version 149.0.7827.53. Published by NVD on June 4, 2026, it allows a remote attacker to leak cross-origin data through a crafted HTML page. While not the most severe issue in Chrome 149's security update, this flaw resides in WebView, where browser security intersects with application security and device fleet risk. Administrators should not underestimate its operational impact despite a modest CVSS score. Discussions on WindowsForum highlight the importance of patching this vulnerability to prevent potential data leaks in enterprise environments.