cve 2026 11270

CVE-2026-11270 is a Google Chrome for Android vulnerability published on June 4, 2026, affecting versions before 149.0.7827.53. It allows a remote attacker to leak cross-origin data through a crafted HTML page. Chromium classifies it as low severity, while CISA's ADP scoring gives it a medium CVSS 3.1 score of 6.5 due to potentially high confidentiality impact. This is not a browser-takeover bug but a privacy boundary failure that administrators and mobile-heavy organizations should address. The patch involves updating Chrome for Android to version 149.0.7827.53 or later. The tag covers discussion of the vulnerability, its severity split, and patching guidance.