PatchSiren cyber security CVE debrief
CVE-2026-10889 Google CVE debrief
CVE-2026-10889 is a high-severity vulnerability in Google Chrome prior to version 149.0.7827.53. The issue is an out-of-bounds read in ANGLE, which could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The CVSS score for this vulnerability is 8.3, indicating a high level of severity.
- Vendor
- Product
- Chrome
- CVSS
- HIGH 8.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability. Additionally, administrators and security teams responsible for managing Chrome deployments should prioritize patching to prevent potential exploitation.
Technical summary
The vulnerability is caused by an out-of-bounds read in ANGLE, a component used in Google Chrome. This could allow an attacker to access sensitive information or potentially escape the sandbox, allowing for further exploitation.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Ensure that Chrome is configured to automatically update to the latest version.
Evidence notes
The CVE record and NVD detail pages provide additional information about this vulnerability, including CVSS scores and vector information.
Official resources
-
CVE-2026-10889 CVE record
CVE.org
-
CVE-2026-10889 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
-
Source reference
[email protected] - Permissions Required
CVE-2026-10889 was published on 2026-06-04T23:16:50.370Z and modified on 2026-06-05T20:14:41.513Z.