PatchSiren cyber security CVE debrief
CVE-2026-11127 Google CVE debrief
A Medium severity vulnerability, CVE-2026-11127, was found in Google Chrome on Android prior to version 149.0.7827.53. This issue is related to an inappropriate implementation in WebAPKs, which could allow a remote attacker to perform domain spoofing via a crafted WebAPK. The CVSS score for this vulnerability is 6.5, indicating a Medium severity level.
- Vendor
- Product
- Chrome
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-09
Who should care
Users of Google Chrome on Android prior to version 149.0.7827.53 should update their browser to the latest version to mitigate this vulnerability. Additionally, developers who utilize WebAPKs in their applications should be aware of this issue and ensure their implementations are secure.
Technical summary
The vulnerability is caused by an inappropriate implementation in WebAPKs in Google Chrome on Android. This could allow a remote attacker to perform domain spoofing via a crafted WebAPK. The issue has been addressed in Google Chrome version 149.0.7827.53 and later.
Defensive priority
Medium
Recommended defensive actions
- Update Google Chrome on Android to version 149.0.7827.53 or later.
- Ensure that WebAPK implementations are secure and follow best practices.
Evidence notes
The CVE-2026-11127 vulnerability has been analyzed and verified by official sources, including the National Vulnerability Database (NVD) and Google Chrome's official release blog.
Official resources
-
CVE-2026-11127 CVE record
CVE.org
-
CVE-2026-11127 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
[email protected] - Permissions Required
CVE-2026-11127 was published on 2026-06-04T23:17:18.707Z and modified on 2026-06-09T03:05:23.280Z.