PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10953 Google CVE debrief

CVE-2026-10953 is a high-severity vulnerability in Google Chrome on Android prior to version 149.0.7827.53. This use-after-free issue in the Core component could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The vulnerability has a CVSS score of 8.3 and is classified as High by Chromium security severity.

Vendor
Google
Product
Chrome
CVSS
HIGH 8.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-08
Advisory published
2026-06-04
Advisory updated
2026-06-08

Who should care

Users of Google Chrome on Android prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability. Additionally, organizations and individuals who rely on Google Chrome for browsing should be aware of this vulnerability and take necessary precautions.

Technical summary

The vulnerability is a use-after-free issue in the Core component of Google Chrome on Android. This type of vulnerability occurs when a program attempts to access memory that has already been freed or deleted. In this case, a remote attacker who has compromised the renderer process could potentially exploit this vulnerability to perform a sandbox escape via a crafted HTML page.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome on Android to version 149.0.7827.53 or later.
  • Ensure that Google Chrome is configured to automatically update to the latest version.

Evidence notes

The vulnerability was reported by chromium security team and has been fixed in Google Chrome version 149.0.7827.53.

Official resources

CVE-2026-10953 was published on 2026-06-04T23:16:58.203Z and modified on 2026-06-08T17:09:55.513Z.