CVE-2026-11114 Google CVE debrief

Who should care

Users of Google Chrome on Mac, particularly those who may be targeted by remote attackers, should be aware of this vulnerability. IT administrators and security teams should prioritize patching to version 149.0.7827.53 or later.

Technical summary

The vulnerability is a use-after-free issue in the Device Trust component of Google Chrome on Mac. This type of vulnerability occurs when a program uses memory after it has been freed, which can lead to unexpected behavior. In this case, a remote attacker who has compromised the renderer process could exploit this vulnerability to potentially escape the sandbox via a specially crafted HTML page.

Defensive priority

High

Recommended defensive actions

• Update Google Chrome on Mac to version 149.0.7827.53 or later.
• Ensure that all users of Google Chrome on Mac are aware of the need for this update.

Evidence notes

The CVE was published on June 4, 2026, and modified on June 8, 2026. The vulnerability has been assigned a CVSS score of 9.6, indicating a critical severity level. For more information, see [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html) for vendor advisory and [ref-5](https://issues.chromium.org/issues/501360342) for additional details.

Official resources