PatchSiren cyber security CVE debrief
CVE-2026-11144 Google CVE debrief
CVE-2026-11144 is a Use after free vulnerability in Media in Google Chrome prior to 149.0.7827.53. This vulnerability allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. The Chromium security severity is rated as Medium, with a CVSS score of 8.8, indicating a HIGH severity level.
- Vendor
- Product
- Chrome
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-08
Who should care
Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability.
Technical summary
The vulnerability is caused by a use-after-free issue in the Media component of Google Chrome. This occurs when the program attempts to access memory after it has been freed, allowing an attacker to execute arbitrary code.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Refer to [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html) for vendor advisory.
Evidence notes
The CVE record [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-11144) and NVD detail [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-11144) provide additional information on this vulnerability.
Official resources
-
CVE-2026-11144 CVE record
CVE.org
-
CVE-2026-11144 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
[email protected] - Permissions Required
CVE-2026-11144 was published on 2026-06-04T23:17:20.667Z and modified on 2026-06-08T19:16:40.493Z.