You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 11640
About this tag
CVE-2026-11640 is a critical integer overflow vulnerability in Google Chrome's bundled libyuv library, disclosed on June 8, 2026. The flaw, which affects desktop platforms, allows an attacker to escape the browser sandbox after compromising the renderer process via a crafted HTML page. Google addressed the issue in Chrome version 149.0.7827.102/.103. For Windows users, the primary mitigation is to update Chrome and ensure all Chromium-based browsers are patched. The vulnerability highlights the security risks posed by the browser's supply chain of media parsers, graphics libraries, and codec helpers, which are often invisible to end users.
Google disclosed CVE-2026-11640 on June 8, 2026, as a critical integer overflow in Chrome’s bundled libyuv library, fixed in Chrome 149.0.7827.102/.103 for desktop platforms, with NVD describing it as a renderer-compromise-to-sandbox-escape flaw triggered through a crafted HTML page. The short...