PatchSiren cyber security CVE debrief
CVE-2026-11049 Google CVE debrief
CVE-2026-11049 is a use-after-free vulnerability in Google Chrome's Password Manager. This vulnerability, which was published on 2026-06-04, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity. Google Chrome versions prior to 149.0.7827.53 are affected by this vulnerability.
- Vendor: Google
- Product: Chrome
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-06
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-06
Who should care
Users of Google Chrome, particularly those who use the browser's Password Manager feature, should be aware of this vulnerability and ensure they are running the latest version of the browser.
Technical summary
The vulnerability is a use-after-free issue in the Password Manager component of Google Chrome. This type of vulnerability occurs when a program attempts to access memory that has already been freed or deleted. In this case, an attacker could exploit the vulnerability by crafting a malicious HTML page that, when opened in Google Chrome, would allow the attacker to execute arbitrary code inside the browser's sandbox.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Use the official Chrome release channel to receive updates.
Evidence notes
The CVE was published on 2026-06-04 and modified on 2026-06-06. The vulnerability has been analyzed and has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Official resources
- CVE-2026-11049 CVE record: CVE.org
- CVE-2026-11049 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: [email protected] - Permissions Required
This debrief is based on information from the following sources: [sourceItem].