PatchSiren cyber security CVE debrief
CVE-2026-11668 Google CVE debrief
CVE-2026-11668 is a vulnerability rated High severity in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103. It is an uninitialized use in Codecs that allows a remote attacker to leak cross-origin data via a crafted video file. The vulnerability has a CVSS score of 4.3, which corresponds to a Medium severity level.
- Vendor: Google
- Product: Chrome
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
Users of Google Chrome on Linux and ChromeOS systems, particularly those who handle sensitive cross-origin data, should be aware of this vulnerability. This vulnerability was publicly disclosed on 2026-06-09.
Technical summary
The vulnerability is caused by an uninitialized use in the Codecs component of Google Chrome. This issue allows a remote attacker to leak cross-origin data by providing a crafted video file. The vulnerability affects Google Chrome on Linux and ChromeOS systems prior to version 149.0.7827.103.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.103 or later to mitigate this vulnerability.
- Limit exposure to untrusted video files.
Evidence notes
Evidence for this CVE comes from the official CVE record and the National Vulnerability Database (NVD).
Official resources
- CVE-2026-11668 CVE record (CVE.org)
- CVE-2026-11668 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: [email protected] - Permissions Required
CVE-2026-11668 was publicly disclosed on 2026-06-09.