PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11168 Google CVE debrief

CVE-2026-11168 is a Medium severity vulnerability in Google Chrome prior to 149.0.7827.53. This issue is related to an inappropriate implementation in Extensions, which could allow a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. The Chromium security severity for this issue is Medium, with a CVSS score of 6.5.

Vendor
Google
Product
Chrome
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-08
Advisory published
2026-06-04
Advisory updated
2026-06-08

Who should care

Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability. This issue does not affect Apple, Linux, or Microsoft Windows products according to the provided CPE criteria.

Technical summary

The vulnerability is caused by an inappropriate implementation in Extensions in Google Chrome. An attacker who has compromised the renderer process can exploit this issue to obtain potentially sensitive information from process memory. This can be achieved by creating a crafted HTML page.

Defensive priority

Medium

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Refer to [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html) for more information on the stable channel update for desktop.

Evidence notes

The CVE record [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-11168) and NVD detail [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-11168) provide additional information on this vulnerability.

Official resources

CVE-2026-11168 was published on 2026-06-04T23:17:23.523Z and modified on 2026-06-08T14:22:05.980Z.