PatchSiren cyber security CVE debrief
CVE-2026-10999 Google CVE debrief
CVE-2026-10999 is an integer overflow vulnerability in ANGLE in Google Chrome on Windows prior to 149.0.7827.53. This vulnerability allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. The CVSS score for this vulnerability is 6.5, indicating a medium severity. The vulnerability was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-10999) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-10999).
- Vendor
- Product
- Chrome
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-08
Who should care
Users of Google Chrome on Windows prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability. This vulnerability requires user interaction, as it involves a crafted HTML page.
Technical summary
The vulnerability is caused by an integer overflow in ANGLE (Almost Native Graphics Layer Engine) in Google Chrome. ANGLE is a graphics library developed by Google that provides a layer of abstraction between the graphics driver and the application. The integer overflow allows a remote attacker who has compromised the renderer process to access potentially sensitive information from process memory.
Defensive priority
Medium
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Ensure that Google Chrome is configured to automatically update to the latest version.
Evidence notes
The CVE-2026-10999 vulnerability was reported by [ref-5](https://issues.chromium.org/issues/489369089) and addressed in the stable channel update for desktop [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html).
Official resources
-
CVE-2026-10999 CVE record
CVE.org
-
CVE-2026-10999 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Source reference
[email protected] - Permissions Required
CVE-2026-10999 was published on 2026-06-04T23:17:03.617Z and last modified on 2026-06-08T13:16:30.613Z.