PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11173 Google CVE debrief

CVE-2026-11173 is an out of bounds write vulnerability in V8 in Google Chrome prior to 149.0.7827.53. This vulnerability allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. The CVSS score for this vulnerability is 8.8, indicating a high severity. The vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-11173) on 2026-06-04T23:17:24.113Z and modified on 2026-06-05T20:45:18.203Z. For more information, see [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-11173).

Vendor
Google
Product
Chrome
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-05
Advisory published
2026-06-04
Advisory updated
2026-06-05

Who should care

Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability.

Technical summary

The vulnerability is an out of bounds write in V8, a JavaScript engine used in Google Chrome. This vulnerability can be exploited by a remote attacker who has compromised the renderer process, allowing them to execute arbitrary code inside a sandbox via a crafted HTML page.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • See [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html) for more information on the stable channel update for desktop.

Evidence notes

The CVE was published on 2026-06-04T23:17:24.113Z and modified on 2026-06-05T20:45:18.203Z. The CVSS score is 8.8, indicating a high severity.

Official resources

CVE-2026-11173 was published on 2026-06-04T23:17:24.113Z and modified on 2026-06-05T20:45:18.203Z.