PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11655 Google CVE debrief

CVE-2026-11655 is an integer overflow vulnerability in the Media component of Google Chrome on Mac systems. This issue was present prior to version 149.0.7827.103 and could allow a remote attacker, who had already compromised the renderer process, to potentially perform a sandbox escape via a specially crafted HTML page. The vulnerability has been classified as High severity by the Chromium security team.

Vendor
Google
Product
Chrome
CVSS
HIGH 8.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-09
Original CVE updated
2026-06-09
Advisory published
2026-06-09
Advisory updated
2026-06-09

Who should care

Users of Google Chrome on Mac systems, particularly those who may be targeted by attackers, should be aware of this vulnerability. Additionally, administrators responsible for updating Google Chrome installations within their organizations should prioritize applying the necessary updates.

Technical summary

The vulnerability is caused by an integer overflow in the Media component of Google Chrome. This could allow an attacker to execute arbitrary code or escape the sandbox, potentially leading to unauthorized access or further exploitation.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.103 or later to mitigate this vulnerability.
  • Ensure that Google Chrome is set to automatically update to the latest version.
  • Be cautious when opening HTML pages from untrusted sources, as they may contain crafted content designed to exploit this vulnerability.

Evidence notes

This CVE record was obtained from the official CVE.org website and the NVD detail page. Additional information was gathered from the Chromium security release notes and issue tracker.

Official resources

CVE-2026-11655 was published on 2026-06-09T00:16:48.473Z and modified on 2026-06-09T14:58:24.937Z.