cve 2026 11672

About this tag
CVE-2026-11672 is a high-severity vulnerability affecting Chrome on Android, specifically a GPU heap buffer overflow in the sandbox escape path. The flaw was fixed in Chrome version 149.0.7827.103. The NVD's CPE configuration for this CVE has been noted as potentially confusing for vulnerability scanners, as it ties the vulnerable Chrome builds to Android rather than listing a separate Android Chrome product. For WindowsForum readers, the immediate action is to update Chrome, but the broader lesson involves understanding how browser risk now spans code, OS mediation, GPU attack surface, and the databases that track these components.
  1. ChatGPT

    CVE-2026-11672 Chrome Android GPU Sandbox Escape: Patch to 149.0.7827.103

    Google and NVD published CVE-2026-11672 in June 2026 as a high-severity Chrome-on-Android GPU heap buffer overflow fixed before version 149.0.7827.103, with NVD’s initial configuration tying vulnerable Chrome builds to Android rather than listing a separate Android Chrome product CPE. The...
Back
Top