PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11281 Google CVE debrief

CVE-2026-11281 is an integer overflow vulnerability in Chromoting in Google Chrome on Windows prior to 149.0.7827.53. This vulnerability allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. The CVSS score for this vulnerability is 5, with a severity rating of MEDIUM. The vulnerability was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-11281) and modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-11281).

Vendor
Google
Product
Chrome
CVSS
MEDIUM 5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-05
Original CVE updated
2026-06-08
Advisory published
2026-06-05
Advisory updated
2026-06-08

Who should care

Users of Google Chrome on Windows prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability.

Technical summary

The vulnerability is caused by an integer overflow in Chromoting in Google Chrome on Windows. This allows a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event.

Defensive priority

The CVSS score for this vulnerability is 5, with a severity rating of MEDIUM. This suggests that the vulnerability is not critical but still requires attention.

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Refer to [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html) for release notes and [ref-5](https://issues.chromium.org/issues/501900366) for permissions required.

Evidence notes

The vulnerability was analyzed and published by the National Vulnerability Database (NVD). The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N.

Official resources

CVE-2026-11281 was published on 2026-06-05T00:17 and modified on 2026-06-08T16:27.