PatchSiren cyber security CVE debrief

CVE-2026-10941 Google CVE debrief

CVE-2026-10941 is a High severity vulnerability in Google Chrome prior to 149.0.7827.53. The vulnerability is caused by an out of bounds memory access in Skia, which allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The CVSS score for this vulnerability is 8.8, indicating a High severity. The vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-10941) and detailed on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-10941).

Vendor: Google
Product: Chrome
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-04
Original CVE updated: 2026-06-09
Advisory published: 2026-06-04
Advisory updated: 2026-06-09

Who should care

Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability.

Technical summary

The vulnerability is caused by an out of bounds memory access in Skia, which allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Defensive priority

High

Recommended defensive actions

Update Google Chrome to version 149.0.7827.53 or later.
Refer to [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html) for release notes and vendor advisory.

Evidence notes

The vulnerability was published on June 4, 2026, and modified on June 9, 2026. The CVSS score for this vulnerability is 8.8, indicating a High severity.

Official resources

CVE-2026-10941 CVE record
CVE.org
CVE-2026-10941 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
Source reference
[email protected] - Permissions Required

CVE-2026-10941 was published on 2026-06-04T23:16:56.670Z and modified on 2026-06-09T19:21:31.140Z.