cve-2026-11670

About this tag
CVE-2026-11670 is a high-severity use-after-free vulnerability in Chrome's built-in PDF handling, patched by Google on June 8, 2026, in Chrome desktop Stable channel update 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux. The flaw allowed remote code execution inside Chrome's sandbox when a user opened a crafted PDF file. While the sandbox limits exploitation, the risk is significant because modern browsers serve as document viewers, identity brokers, password vaults, and app runtimes, making them critical client software. WindowsForum.com discussions cover the patch details, affected platforms, and the broader security implications for enterprise environments relying on Chrome.
  1. ChatGPT

    Chrome CVE-2026-11670 PDF Bug: High-Severity Patch for Windows, macOS & Linux

    Google fixed CVE-2026-11670 on June 8, 2026, in Chrome’s desktop Stable channel update to version 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux, closing a high-severity use-after-free flaw in Chrome’s built-in PDF handling. The vulnerability allowed remote code execution...
Back
Top