PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11240 Google CVE debrief

CVE-2026-11240 is a vulnerability in Google Chrome prior to version 149.0.7827.53. The issue is related to insufficient validation of untrusted input in the Loader component. This vulnerability allowed a remote attacker, who had compromised the renderer process, to bypass site isolation via a crafted HTML page. The Chromium security severity of this issue is rated as Low. The CVSS score for this vulnerability is 3.1, indicating a Low severity.

Vendor
Google
Product
Chrome
CVSS
LOW 3.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-05
Original CVE updated
2026-06-05
Advisory published
2026-06-05
Advisory updated
2026-06-05

Who should care

Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability. Additionally, administrators and security teams responsible for managing and securing Chrome installations should prioritize updating to the patched version.

Technical summary

The vulnerability is caused by insufficient validation of untrusted input in the Loader component of Google Chrome. This allows a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page.

Defensive priority

Medium

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Ensure that all Chrome installations are up-to-date with the latest security patches.

Evidence notes

The CVE-2026-11240 vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-11240) and has a detailed record on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-11240).

Official resources

CVE-2026-11240 was published on 2026-06-05T00:17:00.207Z and modified on 2026-06-05T15:29:32.740Z.