PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11299 Google CVE debrief

CVE-2026-11299 is an integer overflow vulnerability in Google Chrome's Fonts component prior to version 149.0.7827.53. This CVE was published on 2026-06-05T00:17:07.700Z and last modified on 2026-06-09T13:43:58.697Z. The vulnerability allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. The CVSS score for this vulnerability is 6.5, with a severity rating of MEDIUM.

Vendor
Google
Product
Chrome
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-05
Original CVE updated
2026-06-09
Advisory published
2026-06-05
Advisory updated
2026-06-09

Who should care

Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability.

Technical summary

The vulnerability is caused by an integer overflow in the Fonts component of Google Chrome. This allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Defensive priority

The CVSS score for this vulnerability is 6.5, with a severity rating of MEDIUM. This suggests that the vulnerability should be prioritized for remediation.

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Review and apply the release notes and patches provided by Google Chrome: [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html).

Evidence notes

The CVE record [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-11299) and NVD detail [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-11299) provide additional information about this vulnerability.

Official resources

CVE-2026-11299 was published on 2026-06-05T00:17:07.700Z and last modified on 2026-06-09T13:43:58.697Z.