PatchSiren cyber security CVE debrief
CVE-2026-10968 Google CVE debrief
CVE-2026-10968 is a High-severity vulnerability in Google Chrome on Windows. Insufficient validation of untrusted input in Dawn allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
- Vendor
- Product
- Chrome
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-08
Who should care
Users of Google Chrome on Windows, particularly those who may be targeted by remote attackers.
Technical summary
The vulnerability exists in the Dawn component of Google Chrome on Windows. A remote attacker who has compromised the renderer process can exploit this vulnerability to leak cross-origin data via a specially crafted HTML page. The CVSS score for this vulnerability is 7.4, indicating a High severity.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Ensure that Google Chrome is configured to automatically update.
- Be cautious when clicking on links or opening HTML pages from untrusted sources.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively.
Official resources
-
CVE-2026-10968 CVE record
CVE.org
-
CVE-2026-10968 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Source reference
[email protected] - Permissions Required
CVE-2026-10968 was published on [cvePublishedAt] and modified on [cveModifiedAt].