Description
Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack buffer overflow in the Skia graphics library within Google Chrome can be triggered by a specially crafted HTML page, allowing a remote attacker to corrupt the browser’s stack and potentially execute arbitrary code. The vulnerability is a classic stack overflow (CWE‑121) that elevates a local input problem to a remote attack surface.

Affected Systems

Google Chrome versions earlier than 149.0.7827.53 are affected. Users of any Chrome installation that has not yet updated to a recent release must address the issue immediately.

Risk and Exploitability

The vulnerability is listed with the Chromium security severity of Medium; no EPSS score is available, and it is not included in the CISA KEV catalog. Attackers would need to prompt users to visit a malicious web page or embed the payload in a link that activates the vulnerability. Because it is a remote code execution flaw with unmitigated input, the potential impact is high if exploited, while exploitation likelihood remains uncertain without further publicly available exploit code.

Generated by OpenCVE AI on June 5, 2026 at 04:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.53 or later
  • Launch Chrome with the --disable-gpu flag to temporarily disable Skia rendering until a patch is available
  • Use web filtering or policy controls to block or warn users when encountering suspicious HTML pages that may trigger the vulnerability

Generated by OpenCVE AI on June 5, 2026 at 04:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overflow in Skia Leading to Remote Code Execution via Crafted HTML

Fri, 05 Jun 2026 04:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-121
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:24.921Z

Reserved: 2026-06-04T17:06:31.811Z

Link: CVE-2026-11024

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:06.367

Modified: 2026-06-04T23:17:06.367

Link: CVE-2026-11024

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T04:30:31Z

Weaknesses