PatchSiren cyber security CVE debrief
CVE-2026-10937 Google CVE debrief
CVE-2026-10937 is a High-severity vulnerability in Google Chrome prior to version 149.0.7827.53. This issue involves an inappropriate implementation in Passwords, which could allow a remote attacker to bypass same-origin policy via a crafted HTML page. The vulnerability has a CVSS score of 6.5, indicating a Medium severity level.
- Vendor
- Product
- Chrome
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Users of Google Chrome prior to version 149.0.7827.53 should update their browser to the latest version to mitigate this vulnerability. Additionally, developers and security teams should be aware of this issue and ensure that their organization's Chrome browsers are updated.
Technical summary
The vulnerability is caused by an inappropriate implementation in Passwords in Google Chrome prior to version 149.0.7827.53. This could allow a remote attacker to bypass same-origin policy via a crafted HTML page. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Ensure that all Chrome browsers within the organization are updated to the latest version.
Evidence notes
This vulnerability has been analyzed and verified by the NVD, with a published date of 2026-06-04T23:16:56.230Z and a modified date of 2026-06-05T20:23:46.250Z.
Official resources
-
CVE-2026-10937 CVE record
CVE.org
-
CVE-2026-10937 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Source reference
[email protected] - Permissions Required
CVE-2026-10937 was published on 2026-06-04T23:16:56.230Z and modified on 2026-06-05T20:23:46.250Z.