PatchSiren cyber security CVE debrief
CVE-2026-11215 Google CVE debrief
A medium-severity vulnerability, CVE-2026-11215, was found in Google Chrome's Cronet implementation on Android. This issue, published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-11215), allowed remote attackers to perform domain spoofing via crafted domain names. Users should update Chrome to version 149.0.7827.53 or later to mitigate this risk.
- Vendor
- Product
- Chrome
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Users of Google Chrome on Android, particularly those with versions prior to 149.0.7827.53, should be aware of this vulnerability and take action to update their browsers.
Technical summary
The vulnerability, with a CVSS score of 6.5, was caused by an inappropriate implementation in Cronet. This allowed attackers to spoof domains, potentially leading to phishing or other malicious activities.
Defensive priority
Medium
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Ensure that Android devices are running the latest version of Chrome.
Evidence notes
Evidence for this CVE was obtained from the National Vulnerability Database (NVD) and the Chrome release blog.
Official resources
-
CVE-2026-11215 CVE record
CVE.org
-
CVE-2026-11215 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
[email protected] - Permissions Required
CVE-2026-11215 was published on 2026-06-04T23:17:29.107Z and modified on 2026-06-05T20:26:16.727Z.