PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10945 Google CVE debrief

CVE-2026-10945 is a high-severity vulnerability in Google Chrome prior to version 149.0.7827.53. The vulnerability is a use-after-free issue in the PDF component of Google Chrome, which allows a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file, requiring specific UI gestures from the user. The CVSS score for this vulnerability is 8.8, indicating a high level of severity.

Vendor
Google
Product
Chrome
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-09
Advisory published
2026-06-04
Advisory updated
2026-06-09

Who should care

Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability. Additionally, organizations and individuals who rely on Google Chrome for browsing should be aware of this vulnerability and take necessary precautions.

Technical summary

The vulnerability is caused by a use-after-free issue in the PDF component of Google Chrome. This allows a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file, requiring specific UI gestures from the user. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Be cautious when opening PDF files from untrusted sources, especially if they require specific UI gestures.

Evidence notes

The CVE record and NVD detail can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-10945) and [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-10945), respectively. Additional information can be found in the release notes and vendor advisory at [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html).

Official resources

CVE-2026-10945 was published on [cvePublishedAt] and modified on [cveModifiedAt].