PatchSiren cyber security CVE debrief
CVE-2026-11204 Google CVE debrief
A Medium severity vulnerability, CVE-2026-11204, was found in Google Chrome's Signin feature on iOS. This issue, caused by an inappropriate implementation, allows remote attackers to bypass navigation restrictions via a crafted HTML page. The vulnerability has a CVSS score of 6.5.
- Vendor
- Product: Chrome
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-06
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-06
Who should care
Users of Google Chrome on iOS, particularly those who use the Signin feature, should be aware of this vulnerability. IT administrators and security teams responsible for managing Chrome deployments should prioritize patching.
Technical summary
The vulnerability is caused by an inappropriate implementation in the Signin feature of Google Chrome on iOS. This allows remote attackers to bypass navigation restrictions via a crafted HTML page. The issue has been addressed in Chrome version 149.0.7827.53.
Defensive priority
Medium
Recommended defensive actions
- Update Google Chrome on iOS to version 149.0.7827.53 or later.
- Ensure that Chrome's auto-update feature is enabled to receive the latest security patches.
Evidence notes
The CVE-2026-11204 vulnerability has been analyzed and verified by official sources, including the National Vulnerability Database (NVD) and Google Chrome's security team.
Official resources
- CVE-2026-11204 CVE record (CVE.org)
- CVE-2026-11204 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: [email protected] - Permissions Required
CVE-2026-11204 was published on 2026-06-04T23:17:27.590Z and modified on 2026-06-06T01:59:26.910Z.