PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11674 Google CVE debrief

CVE-2026-11674 is a high-severity vulnerability in Google Chrome prior to version 149.0.7827.103. This use-after-free issue in the Guest View component allows remote attackers to execute arbitrary code inside a sandbox via a crafted HTML page. The vulnerability has a CVSS score of 8.8 and is considered High severity by Chromium.

Vendor
Google
Product
Chrome
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-09
Original CVE updated
2026-06-09
Advisory published
2026-06-09
Advisory updated
2026-06-09

Who should care

Users of Google Chrome prior to version 149.0.7827.103, particularly those who may be targeted by remote attackers via crafted HTML pages.

Technical summary

The vulnerability is a use-after-free issue in the Guest View component of Google Chrome. This type of vulnerability occurs when the program attempts to use memory after it has been freed, which can lead to arbitrary code execution. In this case, a remote attacker can exploit the vulnerability by crafting a malicious HTML page that, when opened in a vulnerable version of Chrome, allows the attacker to execute arbitrary code inside the browser's sandbox.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.103 or later.
  • Avoid opening suspicious or untrusted HTML pages.

Evidence notes

The CVE record and NVD detail for CVE-2026-11674 provide official information about the vulnerability. Vendor advisories and source references are available at [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html) and [ref-5](https://issues.chromium.org/issues/516910450).

Official resources

CVE-2026-11674 was published on 2026-06-09T00:16:50.673Z and modified on 2026-06-09T14:54:17.200Z.