PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11283 Google CVE debrief

CVE-2026-11283 is a vulnerability in Google Chrome on Mac, specifically affecting the Shortcuts feature. The issue, categorized as Insufficient validation of untrusted input, allowed a remote attacker to bypass navigation restrictions via a malicious file. This vulnerability was rated as Low severity by Chromium and has a CVSS score of 6.5, classified as MEDIUM.

Vendor
Google
Product
Chrome
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-05
Original CVE updated
2026-06-08
Advisory published
2026-06-05
Advisory updated
2026-06-08

Who should care

Users of Google Chrome on Mac, particularly those who may be exposed to malicious files or untrusted input, should be aware of this vulnerability. The vulnerability was patched in version 149.0.7827.53 or later.

Technical summary

The vulnerability, CVE-2026-11283, was caused by insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac. This allowed a remote attacker to bypass navigation restrictions via a malicious file. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N.

Defensive priority

This vulnerability is rated as Low severity by Chromium and has a CVSS score of 6.5, classified as MEDIUM. While it may not be a high-priority issue, users should still apply the patch to prevent potential exploitation.

Recommended defensive actions

  • Update Google Chrome on Mac to version 149.0.7827.53 or later.
  • Be cautious when opening files from untrusted sources.

Evidence notes

Evidence for this CVE comes from the official CVE record [cve-org] and the National Vulnerability Database [nvd].

Official resources

CVE-2026-11283 was published on 2026-06-05T00:17:05.670Z and modified on 2026-06-08T14:55:17.270Z.