PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11010 Google CVE debrief

CVE-2026-11010 is a use-after-free vulnerability in WebShare in Google Chrome on Android prior to 149.0.7827.53. This vulnerability allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The CVSS score for this vulnerability is 8.3, indicating a high severity. The vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-11010) and additional details can be found on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-11010).

Vendor
Google
Product
Chrome
CVSS
HIGH 8.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-08
Advisory published
2026-06-04
Advisory updated
2026-06-08

Who should care

Users of Google Chrome on Android prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability.

Technical summary

The vulnerability is a use-after-free issue in the WebShare component of Google Chrome on Android. This occurs when the program attempts to use memory after it has been freed, which can lead to unexpected behavior. In this case, a remote attacker who has compromised the renderer process could potentially use this vulnerability to escape the sandbox via a crafted HTML page.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome on Android to version 149.0.7827.53 or later.
  • Review and follow the vendor's advisory [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html) for additional mitigation strategies.

Evidence notes

The CVE was published on 2026-06-04T23:17:04.843Z and modified on 2026-06-08T14:26:53.357Z. The vulnerability has a CVSS score of 8.3 and is considered high severity.

Official resources

This debrief was generated based on the provided CVE data and does not include any additional information beyond what is publicly available.