PatchSiren cyber security CVE debrief
CVE-2026-11290 Google CVE debrief
CVE-2026-11290 is an integer overflow vulnerability in WebView in Google Chrome on Android prior to 149.0.7827.53. A local attacker can exploit this vulnerability to cause a denial of service via a malicious file. The CVSS score for this vulnerability is 5, and the severity is MEDIUM.
- Vendor
- Product
- Chrome
- CVSS
- MEDIUM 5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Users of Google Chrome on Android prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability.
Technical summary
The vulnerability is caused by an integer overflow in WebView in Google Chrome on Android. This can be exploited by a local attacker to cause a denial of service via a malicious file.
Defensive priority
MEDIUM
Recommended defensive actions
- Update Google Chrome on Android to version 149.0.7827.53 or later.
Evidence notes
The CVE record was obtained from the official CVE website [resourceLinkAnnotations:cve-org]. The vulnerability details were obtained from the NVD database [resourceLinkAnnotations:nvd].
Official resources
CVE-2026-11290 was published on 2026-06-05T00:17:06 and modified on 2026-06-05T20:17:27.