You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 11672
About this tag
CVE-2026-11672 is a high-severity vulnerability affecting Chrome on Android, specifically a GPU heap buffer overflow in the sandbox escape path. The flaw was fixed in Chrome version 149.0.7827.103. The NVD's CPE configuration for this CVE has been noted as potentially confusing for vulnerability scanners, as it ties the vulnerable Chrome builds to Android rather than listing a separate Android Chrome product. For WindowsForum readers, the immediate action is to update Chrome, but the broader lesson involves understanding how browser risk now spans code, OS mediation, GPU attack surface, and the databases that track these components.
Google and NVD published CVE-2026-11672 in June 2026 as a high-severity Chrome-on-Android GPU heap buffer overflow fixed before version 149.0.7827.103, with NVD’s initial configuration tying vulnerable Chrome builds to Android rather than listing a separate Android Chrome product CPE. The...