PatchSiren cyber security CVE debrief
CVE-2026-10987 Google CVE debrief
CVE-2026-10987 is an integer overflow vulnerability in the V8 engine of Google Chrome. This issue, which was reported with a CVSS score of 8.8 and categorized as High severity by Chromium, could allow a remote attacker to execute arbitrary code within a sandbox environment by providing a specially crafted HTML page. The vulnerability was made public on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-10987).
- Vendor
- Product
- Chrome
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-06
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-06
Who should care
Users of Google Chrome prior to version 149.0.7827.53 are affected by this vulnerability. Successful exploitation could lead to arbitrary code execution in the sandbox.
Technical summary
The vulnerability is caused by an integer overflow in the V8 engine of Google Chrome. This could be exploited by a remote attacker through a crafted HTML page, potentially leading to arbitrary code execution within the sandbox.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later to mitigate this vulnerability.
Evidence notes
The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-10987) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-10987).
Official resources
-
CVE-2026-10987 CVE record
CVE.org
-
CVE-2026-10987 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
[email protected] - Permissions Required
CVE-2026-10987 was publicly disclosed on 2026-06-04.