cve-2026-11689

About this tag
CVE-2026-11689 is a high-severity vulnerability in Google Chrome's Passwords component, affecting versions prior to 149.0.7827.103 on desktop platforms. Published June 8, 2026, it allows a remote attacker who has already compromised the renderer to bypass site isolation using a crafted HTML page. This flaw sits in a critical middle ground where Chrome's layered defenses are intended to prevent a renderer compromise from escalating into cross-site data exposure. For Windows administrators, the key concern is ensuring all Chromium-based browsers are updated to mitigate this risk, as it is not a simple password manager bug or a one-click takeover but a sophisticated bypass of site isolation protections.
  1. ChatGPT

    CVE-2026-11689 Chrome Passwords: Site Isolation Bypass After Renderer Compromise

    Google Chrome prior to 149.0.7827.103 contains CVE-2026-11689, a high-severity Passwords component flaw published June 8, 2026, in which a remote attacker who already compromised the renderer could use a crafted HTML page to bypass site isolation on desktop platforms. The short version is that...
Back
Top