PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10909 Google CVE debrief

CVE-2026-10909 is a high-severity vulnerability in Google Chrome prior to version 149.0.7827.53. The vulnerability is a use-after-free issue in Dawn, which could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The CVSS score for this vulnerability is 8.3, indicating a high level of severity.

Vendor
Google
Product
Chrome
CVSS
HIGH 8.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-05
Advisory published
2026-06-04
Advisory updated
2026-06-05

Who should care

Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability. Additionally, administrators and security teams responsible for managing Chrome deployments should prioritize patching to prevent potential exploitation.

Technical summary

The vulnerability is a use-after-free issue in Dawn, a component of Google Chrome. This type of vulnerability occurs when a program attempts to use memory after it has been freed, which can lead to unexpected behavior or crashes. In this case, a remote attacker who has compromised the renderer process could potentially use this vulnerability to escape the sandbox and execute arbitrary code.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Ensure that Chrome is configured to automatically update to the latest version.

Evidence notes

The CVE-2026-10909 vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-10909) and has a detailed description on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-10909).

Official resources

CVE-2026-10909 was published on 2026-06-04T23:16:52.817Z and modified on 2026-06-05T20:00:48.970Z.