PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10983 Google CVE debrief

CVE-2026-10983 is a critical vulnerability in Google Chrome prior to version 149.0.7827.53. The issue lies in the insufficient validation of untrusted input in Dawn, a component of Google Chrome. This vulnerability, with a CVSS score of 9.6, could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The Chromium security severity is rated as High.

Vendor
Google
Product
Chrome
CVSS
CRITICAL 9.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-05
Advisory published
2026-06-04
Advisory updated
2026-06-05

Who should care

Users of Google Chrome prior to version 149.0.7827.53 should update their browser to the latest version to mitigate this vulnerability. This is particularly important for users who frequently access untrusted or potentially malicious websites, as this vulnerability could be exploited via a crafted HTML page.

Technical summary

The vulnerability is caused by insufficient validation of untrusted input in Dawn, a component of Google Chrome. This could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Ensure that all users of Google Chrome are aware of the importance of keeping their browser up-to-date.

Evidence notes

The CVE record for CVE-2026-10983 was obtained from the official CVE website. Additional information was obtained from the National Vulnerability Database (NVD) and the Google Chrome release notes.

Official resources

CVE-2026-10983 was published on 2026-06-04T23:17:01.640Z and modified on 2026-06-05T20:38:29.687Z.