PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10908 Google CVE debrief

CVE-2026-10908 is a high-severity vulnerability in Google Chrome on Windows, allowing a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The vulnerability is caused by a use-after-free issue in the FullScreen component. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the renderer process.

Vendor
Google
Product
Chrome
CVSS
HIGH 8.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-05
Advisory published
2026-06-04
Advisory updated
2026-06-05

Who should care

Users of Google Chrome on Windows, particularly those who may be targeted by remote attackers, should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The vulnerability is caused by a use-after-free issue in the FullScreen component of Google Chrome on Windows. This could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Use the official vendor advisory at [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html) for more information on mitigation and updates.

Evidence notes

The CVE-2026-10908 vulnerability has a CVSS score of 8.3 and is considered High severity. It was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-10908) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-10908).

Official resources

CVE-2026-10908 was published on 2026-06-04T23:16:52.690Z and last modified on 2026-06-05T20:00:59.660Z.