PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11660 Google CVE debrief

CVE-2026-11660 is a High-severity vulnerability in Google Chrome prior to version 149.0.7827.103. The issue involves insufficient validation of untrusted input in the New Tab Page, allowing a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The vulnerability has a CVSS score of 8.3 and is classified as High severity.

Vendor
Google
Product
Chrome
CVSS
HIGH 8.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-09
Original CVE updated
2026-06-09
Advisory published
2026-06-09
Advisory updated
2026-06-09

Who should care

Users of Google Chrome prior to version 149.0.7827.103 should update to the latest version to mitigate this vulnerability. Additionally, administrators and security teams responsible for managing Chrome deployments should prioritize updating to the patched version.

Technical summary

The vulnerability exists in the New Tab Page of Google Chrome, where insufficient validation of untrusted input allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This can lead to arbitrary code execution, data tampering, and other malicious activities.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.103 or later.
  • Ensure that Chrome is configured to automatically update to the latest version.
  • Monitor Chrome releases and patch notes for future updates.

Evidence notes

The CVE record and NVD detail provide official information about the vulnerability, including its description, CVSS score, and affected versions.

Official resources

CVE-2026-11660 was published on 2026-06-09T00:16:49.033Z and modified on 2026-06-09T14:57:51.947Z.