PatchSiren cyber security CVE debrief
CVE-2026-11019 Google CVE debrief
A medium-severity vulnerability, CVE-2026-11019, was found in Google Chrome on Android prior to version 149.0.7827.53. This issue is related to an inappropriate implementation in the Payments feature, which could allow a remote attacker who has compromised the renderer process to perform domain spoofing via a crafted HTML page. The CVSS score for this vulnerability is 6.5, indicating a medium level of severity.
- Vendor
- Product: Chrome
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-08
Who should care
Users of Google Chrome on Android, particularly those who use the Payments feature, should be aware of this vulnerability and ensure they are running version 149.0.7827.53 or later to mitigate the risk.
Technical summary
The vulnerability is caused by an inappropriate implementation in the Payments feature of Google Chrome on Android. A remote attacker who has already compromised the renderer process could use a crafted HTML page to perform domain spoofing. The issue is addressed in version 149.0.7827.53 of Google Chrome.
Defensive priority
Medium
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Be cautious when accessing sensitive information, especially financial data, through Google Chrome on Android.
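To check a set of managed devices against the fixed build, the sketch below compares each device's Chrome version with 149.0.7827.53. It is an added example, not part of the advisory. It assumes each input is text captured from `adb shell dumpsys package com.android.chrome` and that the first `versionName=` line is the active install. The device names and sample text are constructed.

```python
import re

# First fixed Chrome for Android build named in this debrief.
FIXED = (149, 0, 7827, 53)

def parse_version(dumpsys_text):
    """Return the first four-part versionName as a tuple of ints, or None."""
    m = re.search(r"versionName=(\d+(?:\.\d+){3})\b", dumpsys_text)
    return tuple(int(part) for part in m.group(1).split(".")) if m else None

def needs_update(dumpsys_text):
    """True if older than the fixed build, False if not, None if unknown."""
    version = parse_version(dumpsys_text)
    if version is None:
        return None
    # Tuples of ints compare field by field, so 7827.9 < 7827.53 < 7827.100.
    # Comparing the raw strings would get both of those cases wrong.
    return version < FIXED

def triage(inventory):
    """Map each device to 'update', 'ok' or 'unknown'."""
    labels = {True: "update", False: "ok", None: "unknown"}
    return {dev: labels[needs_update(text)] for dev, text in inventory.items()}

# Constructed sample captures (trimmed to the relevant lines).
SAMPLE_INVENTORY = {
    "device-a": "Packages:\n  Package [com.android.chrome]\n"
                "    versionName=149.0.7827.9\n",
    "device-b": "Packages:\n  Package [com.android.chrome]\n"
                "    versionName=149.0.7827.53\n",
    "device-c": "Packages:\n  Package [com.android.chrome]\n"
                "    versionName=149.0.7827.100\n"
                "Hidden system packages:\n"
                "    versionName=140.0.7000.1\n",  # factory image copy, ignored
    "device-d": "Unable to find package: com.android.chrome\n",
}

if __name__ == "__main__":
    for device, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{device}: {status}")
```

Devices reported as `unknown` need a manual look: Chrome may be absent, or the capture may have failed.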
Evidence notes
This CVE record was obtained from the official CVE.org website and the NVD detail page.
Official resources
- CVE-2026-11019 CVE record (CVE.org)
- CVE-2026-11019 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Release Notes, Vendor Advisory
- Source reference: [email protected] - Permissions Required
The information provided in this debrief is based on publicly available data from official sources and is intended for informational purposes only.