PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11110 Google CVE debrief

CVE-2026-11110 is a Medium severity vulnerability in Google Chrome prior to 149.0.7827.53. This issue involves an uninitialized use in ANGLE, which could allow a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability has a CVSS score of 6.5 and is categorized as CWE-457.

Vendor
Google
Product
Chrome
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-08
Advisory published
2026-06-04
Advisory updated
2026-06-08

Who should care

Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability. This issue is particularly concerning for users who may be targeted by remote attackers through crafted HTML pages.

Technical summary

The vulnerability is caused by an uninitialized use in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome. ANGLE is a shader translator developed by Google that allows for running graphics shaders written in the GLSL language on a variety of platforms. The issue allows for the leakage of cross-origin data, which can be exploited by remote attackers through specially crafted HTML pages.

Defensive priority

Medium

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Users should ensure that their browser is up-to-date to prevent exploitation of this vulnerability.

Evidence notes

The CVE-2026-11110 vulnerability was published on [cvePublishedAt] and modified on [cveModifiedAt]. The vulnerability details were obtained from the official CVE record [resourceLinkAnnotations.cve-org] and NVD detail page [resourceLinkAnnotations.nvd].

Official resources

CVE-2026-11110 was published on 2026-06-04T23:17:16.603Z and modified on 2026-06-08T19:16:36.917Z.