PatchSiren cyber security CVE debrief
CVE-2026-11214 Google CVE debrief
A medium-severity vulnerability was discovered in Google Chrome for iOS, tracked as CVE-2026-11214. This issue, caused by an inappropriate implementation, allowed a remote attacker to leak cross-origin data via a crafted HTML page. Users of Google Chrome on iOS are advised to update to version 149.0.7827.53 or later to mitigate this vulnerability.
- Vendor
- Product
- Chrome
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Users of Google Chrome on iOS, particularly those who may be exposed to crafted HTML pages from untrusted sources.
Technical summary
The vulnerability, with a CVSS score of 6.5, was caused by an inappropriate implementation in Chrome for iOS. This allowed a remote attacker to leak cross-origin data via a crafted HTML page. The issue was addressed with the release of Chrome version 149.0.7827.53.
Defensive priority
Medium
Recommended defensive actions
- Update Google Chrome on iOS to version 149.0.7827.53 or later.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4] and [ref-5].
Official resources
-
CVE-2026-11214 CVE record
CVE.org
-
CVE-2026-11214 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
[email protected] - Permissions Required
CVE-2026-11214 was published on 2026-06-04T23:17:28.887Z and modified on 2026-06-05T20:26:44.810Z.