You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-11670
About this tag
CVE-2026-11670 is a high-severity use-after-free vulnerability in Chrome's built-in PDF handling, patched by Google on June 8, 2026, in Chrome desktop Stable channel update 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux. The flaw allowed remote code execution inside Chrome's sandbox when a user opened a crafted PDF file. While the sandbox limits exploitation, the risk is significant because modern browsers serve as document viewers, identity brokers, password vaults, and app runtimes, making them critical client software. WindowsForum.com discussions cover the patch details, affected platforms, and the broader security implications for enterprise environments relying on Chrome.
Google fixed CVE-2026-11670 on June 8, 2026, in Chrome’s desktop Stable channel update to version 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux, closing a high-severity use-after-free flaw in Chrome’s built-in PDF handling. The vulnerability allowed remote code execution...