cve-2026-11291

CVE-2026-11291 is a low-severity vulnerability in Google Chrome for Android, disclosed in June 2026, that affects versions before 149.0.7827.53. The flaw involves an Android Autofill bug that could allow a remote attacker to bypass same-origin policy using a crafted HTML page. While not a critical browser escape, it represents a boundary failure that complicates browser security management. The vulnerability's metadata, combining a Chrome CPE with an Android OS CPE, provides administrators with useful context for inventory and patching. Discussions on WindowsForum cover the technical details, patch guidance, and implications for enterprise security teams managing Chrome on Android devices.