PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10917 Google CVE debrief

CVE-2026-10917 is a High-severity vulnerability in Google Chrome prior to version 149.0.7827.53. The issue involves insufficient validation of untrusted input in the Media component, which could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Vendor
Google
Product
Chrome
CVSS
HIGH 8.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-05
Advisory published
2026-06-04
Advisory updated
2026-06-05

Who should care

Users of Google Chrome, particularly those who use the browser for sensitive activities or in high-risk environments, should be aware of this vulnerability. Additionally, administrators responsible for managing Chrome installations in organizations should prioritize updating to the latest version.

Technical summary

The vulnerability, tracked as CVE-2026-10917, is caused by insufficient validation of untrusted input in the Media component of Google Chrome. This could allow a remote attacker who has already compromised the renderer process to potentially escape the sandbox via a specially crafted HTML page. The CVSS score for this vulnerability is 8.3, indicating a High severity level.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Ensure that all users of Google Chrome in your organization are updated to the latest version.

Evidence notes

The CVE was published on [cvePublishedAt] and modified on [cveModifiedAt]. The vulnerability was reported by [source] and has a CVSS score of [cvssScore].

Official resources

CVE-2026-10917 was published on 2026-06-04T23:16:53.860Z and modified on 2026-06-05T15:48:49.470Z.