PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11229 Google CVE debrief

CVE-2026-11229 is a MEDIUM severity vulnerability in Google Chrome prior to 149.0.7827.53. The issue is an inappropriate implementation in the Enterprise version of Google Chrome, which allows a local attacker to perform privilege escalation via physical access to the device. The vulnerability has a CVSS score of 6.1 and a CVSS severity of MEDIUM. It was published on [cvePublishedAt] and modified on [cveModifiedAt].

Vendor
Google
Product
Chrome
CVSS
MEDIUM 6.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-10
Advisory published
2026-06-04
Advisory updated
2026-06-10

Who should care

Users of Google Chrome prior to version 149.0.7827.53, especially in Enterprise environments, should apply the necessary updates to mitigate this vulnerability.

Technical summary

The vulnerability is caused by an inappropriate implementation in the Enterprise version of Google Chrome. This allows a local attacker with physical access to the device to perform privilege escalation. The issue has been addressed in Google Chrome version 149.0.7827.53 and later.

Defensive priority

MEDIUM

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Ensure that all users of Google Chrome in the Enterprise environment are aware of the need to update their browsers.

Evidence notes

The CVE record and NVD detail can be found at [resourceLinkAnnotations:cve-org] and [resourceLinkAnnotations:nvd], respectively. Additional information can be found in the release notes at [resourceLinkAnnotations:ref-4] and the issue tracker at [resourceLinkAnnotations:ref-5].

Official resources

CVE-2026-11229 was published on 2026-06-04T23:17:30.707Z and modified on 2026-06-10T19:09:36.700Z.