PatchSiren cyber security CVE debrief
CVE-2026-11227 Google CVE debrief
CVE-2026-11227 is a MEDIUM severity vulnerability in Google Chrome prior to version 149.0.7827.53. The vulnerability, described as 'Incorrect security UI in Tab Hover Cards,' allows a remote attacker to perform domain spoofing via a crafted domain name. Chromium's own security severity rating is Low; the CVSS score is 6.5.
- Vendor: Google
- Product: Chrome
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-06
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-06
Who should care
Users of Google Chrome prior to version 149.0.7827.53 should apply the update to mitigate this vulnerability.
Technical summary
The vulnerability is caused by incorrect security UI in Tab Hover Cards in Google Chrome. This allows a remote attacker to perform domain spoofing via a crafted domain name. The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N and is classified under CWE-451.
Defensive priority
This vulnerability has a MEDIUM severity and a CVSS score of 6.5. Update Google Chrome to version 149.0.7827.53 or later to mitigate it.
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
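One way to apply this action across a fleet, as an added example that is not part of the original debrief: classify reported Chrome versions against the fixed build 149.0.7827.53 using numeric comparison. The host names and the inventory versions are constructed sample data, and the function names are hypothetical.

```python
# Added example: triage a browser inventory against the fixed Chrome build.
FIXED_BUILD = "149.0.7827.53"  # first fixed version, taken from the debrief text


def parse_version(text):
    """Return a 4-tuple of ints for a Chrome version string, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text, fixed=FIXED_BUILD):
    """Classify one reported version as 'vulnerable', 'patched' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # do not guess: unparsable data needs a manual look
    # Tuples compare numerically, field by field. Comparing the raw strings
    # would rank "149.0.7827.100" below "149.0.7827.53" and "149.0.7827.9" above it.
    return "vulnerable" if version < parse_version(fixed) else "patched"


def triage(inventory):
    """Group (host, version) pairs by classification."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("ws-001", "149.0.7827.53"),   # exactly the fixed build
    ("ws-002", "149.0.7827.9"),    # older patch level, string compare gets this wrong
    ("ws-003", "149.0.7827.100"),  # newer patch level, string compare gets this wrong
    ("ws-004", "148.0.7700.120"),  # older major version
    ("ws-005", "150.0.7900.1"),    # newer major version
    ("ws-006", "unknown"),         # agent could not read the version
    ("ws-007", "149.0.7827"),      # truncated value
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```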
Evidence notes
The CVE was published on 2026-06-04T23:17:30.483Z and modified on 2026-06-06T01:57:39.790Z. The vulnerability is related to Google Chrome and has a reference to the vendor advisory: [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html).
Official resources
- CVE-2026-11227 CVE record (CVE.org)
- CVE-2026-11227 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (Vendor Advisory)
- Source reference (Permissions Required)