PatchSiren cyber security CVE debrief
CVE-2026-11201 Google CVE debrief
CVE-2026-11201 is a high-severity vulnerability in Google Chrome prior to version 149.0.7827.53. This use-after-free issue in ServiceWorker could allow an attacker who convinces a user to install a malicious extension to execute arbitrary code. The vulnerability has a CVSS score of 8.8 and is classified as CWE-416.
- Vendor: Google
- Product: Chrome
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-06
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-06
Who should care
Users of Google Chrome prior to version 149.0.7827.53, administrators of systems with Google Chrome installed, and security teams responsible for patching and vulnerability management.
Technical summary
The vulnerability is a use-after-free issue in ServiceWorker, which is a component of Google Chrome that allows web applications to run in the background. An attacker could exploit this vulnerability by convincing a user to install a malicious extension, which could then execute arbitrary code.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Be cautious when installing browser extensions, and only install them from trusted sources.
- Monitor for any suspicious activity in Google Chrome.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, including its CVSS score, CWE classification, and affected versions of Google Chrome.
Official resources
- CVE-2026-11201 CVE record (CVE.org)
- CVE-2026-11201 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
- Source reference ([email protected] - Permissions Required)
CVE-2026-11201 was published on 2026-06-04T23:17:27.270Z and modified on 2026-06-06T01:36:30.910Z.