PatchSiren cyber security CVE debrief

CVE-2026-11025 Google CVE debrief

CVE-2026-11025 is a Medium severity vulnerability in Google Chrome on Android prior to 149.0.7827.53. This vulnerability is caused by insufficient policy enforcement in Navigation, allowing a remote attacker to bypass content security policy via a crafted HTML page. The CVSS score for this vulnerability is 6.5.

Vendor: Google
Product: Chrome
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-04
Original CVE updated: 2026-06-09
Advisory published: 2026-06-04
Advisory updated: 2026-06-09

Who should care

Users of Google Chrome on Android prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability.

Technical summary

Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Defensive priority

Medium

Recommended defensive actions

Update Google Chrome to version 149.0.7827.53 or later.

Evidence notes

This vulnerability has a CVSS score of 6.5 and is classified as Medium severity.

Official resources

CVE-2026-11025 CVE record
CVE.org
CVE-2026-11025 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
Source reference
[email protected] - Permissions Required

CVE-2026-11025 was published on 2026-06-04T23:17:06.483Z and modified on 2026-06-09T03:07:46.883Z.