PatchSiren cyber security CVE debrief
CVE-2026-10897 Google CVE debrief
A critical vulnerability, CVE-2026-10897, was discovered in Google Chrome's GPU implementation. This inappropriate implementation could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity.
- Vendor
- Product
- Chrome
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability. This vulnerability is particularly concerning as it could allow an attacker to escape the sandbox, potentially leading to arbitrary code execution.
Technical summary
The vulnerability is caused by an inappropriate implementation in the GPU component of Google Chrome. This could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Ensure that all users of Google Chrome are aware of the vulnerability and the importance of updating to the latest version.
Evidence notes
This vulnerability was discovered and reported to Google Chrome. The CVE record was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-10897).
Official resources
-
CVE-2026-10897 CVE record
CVE.org
-
CVE-2026-10897 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
-
Source reference
[email protected] - Permissions Required
CVE-2026-10897 was published on 2026-06-04T23:16:51.350Z and modified on 2026-06-05T19:37:31.713Z.