PatchSiren cyber security CVE debrief
CVE-2026-10888 Google CVE debrief
CVE-2026-10888 is a high-severity vulnerability in Google Chrome prior to version 149.0.7827.53. The vulnerability is a use-after-free issue in Cast Streaming, which could allow an attacker on the local network segment to execute arbitrary code via malicious network traffic. The CVSS score for this vulnerability is 8.8, indicating a high severity. The vulnerability was published on [cvePublishedAt] and modified on [cveModifiedAt].
- Vendor
- Product
- Chrome
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Users of Google Chrome prior to version 149.0.7827.53, particularly those on local network segments that may be targeted by attackers.
Technical summary
The vulnerability is a use-after-free issue in Cast Streaming in Google Chrome. This could allow an attacker on the local network segment to execute arbitrary code via malicious network traffic. The vulnerability has a CVSS score of 8.8 and is considered high severity.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Ensure that Chrome is configured to automatically update to the latest version.
- Be cautious when clicking on links or accepting network traffic from untrusted sources, especially on local network segments.
Evidence notes
The vulnerability was reported by [email protected] and has been analyzed by the NVD.
Official resources
-
CVE-2026-10888 CVE record
CVE.org
-
CVE-2026-10888 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
-
Source reference
[email protected] - Permissions Required
CVE-2026-10888 was published on 2026-06-04T23:16:50.250Z and modified on 2026-06-05T20:14:49.480Z.