PatchSiren cyber security CVE debrief
CVE-2026-11256 Google CVE debrief
CVE-2026-11256 is an integer overflow vulnerability in the GPU of Google Chrome. This issue, which was reported with a CVSS score of 8.3 and categorized as HIGH severity, could allow a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The vulnerability was addressed in Google Chrome version 149.0.7827.53.
- Vendor
- Product
- Chrome
- CVSS
- HIGH 8.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Users of Google Chrome, particularly those who use the browser on a version prior to 149.0.7827.53, should be aware of this vulnerability. Successful exploitation could allow an attacker to escape the sandbox, potentially leading to arbitrary code execution or other malicious activities.
Technical summary
The vulnerability is caused by an integer overflow in the GPU of Google Chrome. This occurs when the browser processes a crafted HTML page, which can lead to a sandbox escape if the renderer process has been compromised.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later to mitigate this vulnerability.
- Ensure that all users of Google Chrome within your organization are running the updated version.
Evidence notes
The CVE was published on 2026-06-05T00:17:02.230Z and last modified on 2026-06-05T15:33:22.153Z. The vulnerability was reported by [email protected] and has a CVSS vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H.
Official resources
-
CVE-2026-11256 CVE record
CVE.org
-
CVE-2026-11256 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
[email protected] - Permissions Required
CVE-2026-11256 was published on 2026-06-05T00:17:02.230Z and last modified on 2026-06-05T15:33:22.153Z.