PatchSiren cyber security CVE debrief
CVE-2026-10989 Google CVE debrief
A High-severity vulnerability, CVE-2026-10989, was found in Google Chrome's V8 engine. This issue, caused by an inappropriate implementation, could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page if a user is convinced to engage in specific UI gestures. The vulnerability was patched in Chrome version 149.0.7827.53.
- Vendor
- Product
- Chrome
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-06
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-06
Who should care
Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability.
Technical summary
The vulnerability, CVE-2026-10989, is caused by an inappropriate implementation in the V8 engine of Google Chrome. This issue has a CVSS score of 8.8 and is classified as High severity. The vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page if a user engages in specific UI gestures.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
Evidence notes
Evidence from the National Vulnerability Database (NVD) and Google Chrome's release notes confirm the existence and details of this vulnerability.
Official resources
-
CVE-2026-10989 CVE record
CVE.org
-
CVE-2026-10989 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Source reference
[email protected] - Permissions Required
CVE-2026-10989 was published on 2026-06-04T23:17:02.323Z and modified on 2026-06-06T01:49:29.457Z.