You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-11297
About this tag
CVE-2026-11297 is a disclosed vulnerability in Google Chrome on Android, specifically in Reader Mode before version 149.0.7827.53. The flaw is an input-validation issue that could allow a local attacker to bypass navigation restrictions using a malicious file. While Chromium tags it as low severity, CISA's ADP scoring assigns a high CVSS 3.1 score of 7.7, and NVD has not yet provided its own assessment. This discrepancy highlights how even minor Chrome mobile features can become part of enterprise risk management. Discussions on WindowsForum cover the patch details, the scoring gap, and implications for Android users and IT administrators managing Chrome deployments.
Google Chrome on Android before version 149.0.7827.53 contains CVE-2026-11297, a Reader Mode input-validation flaw disclosed on June 4, 2026, that can let a local attacker bypass navigation restrictions by using a malicious file. The bug is officially tagged as low severity by Chromium, but the...