PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11055 Google CVE debrief

CVE-2026-11055 is a use-after-free vulnerability in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome on Windows systems. This vulnerability, which was reported with a CVSS score of 8.8 and classified as HIGH severity, could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The vulnerability was addressed in Google Chrome version 149.0.7827.53.

Vendor
Google
Product
Chrome
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-06
Advisory published
2026-06-04
Advisory updated
2026-06-06

Who should care

Users of Google Chrome on Windows systems, particularly those who may be targeted by remote attackers, should prioritize updating their browser to version 149.0.7827.53 or later to mitigate this vulnerability.

Technical summary

The vulnerability is a use-after-free issue within ANGLE, a graphics layer engine used in Google Chrome. This type of vulnerability occurs when the program attempts to use memory after it has been freed, which can lead to unpredictable behavior, crashes, or, in this case, the execution of arbitrary code. The issue was specifically noted to affect Google Chrome on Windows prior to version 149.0.7827.53.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.

Evidence notes

The CVE was published on [cvePublishedAt] and modified on [cveModifiedAt]. The vulnerability was reported to have a CVSS score of 8.8, indicating a high severity level. The official CVE record can be found at [resourceLinkAnnotations:cve-org].

Official resources

CVE-2026-11055 was published on 2026-06-04T23:17:09.917Z and modified on 2026-06-06T01:38:24.457Z.