CVE-2026-11064 - Vulnerability Details

- chromium-browser: Uninitialized Use in GPU

Description

Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-06-04

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a race condition in the GPU handling code of Google Chrome on Android prior to version 149.0.7827.53. An attacker who has already managed to compromise the renderer process can craft an HTML page that triggers the race, allowing the GPU to expose memory containing cross‑origin data. The weakness maps to CWE‑457 and CWE‑368, indicating a failure to initialize or enforce runtime checks and a race condition where a check and subsequent use are not correctly serialized.

Affected Systems

Affected systems are users of Google Chrome on Android before 149.0.7827.53. Any device running that build is susceptible until the patch is applied. Vendors have released a stable channel update that addresses the race.

Risk and Exploitability

The CVSS score is 6.5, and the EPSS score is < 1%. The vulnerability is not listed in the CISA KEV catalog. Exploitability requires a compromised renderer, which typically requires an initial foothold via another vulnerability. Therefore the risk to a fresh system is moderate, but once an attacker achieves renderer compromise the data leakage can be real. The attack vector is inferred to be local after renderer compromise, as the description implies a prerequisite of renderer compromise.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Google

Chrome

affected

Version	Status	Constraints
`149.0.7827.53`	affected	< 149.0.7827.53

Configuration 1 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Google

Chrome

100%

Version	Status	Scheme	Platform
`[0,149.0.7827.53)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Google Chrome on Android to version 149.0.7827.53 or later.
Ensure the Android operating system is kept up to date to reduce the likelihood of a renderer compromise.
If immediate upgrade is not possible, disable hardware acceleration for Chrome or use an alternative browser that does not expose the GPU race condition.

Generated by OpenCVE AI on June 7, 2026 at 14:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6325-1	chromium security update

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0025.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/499075743
https://nvd.nist.gov/vuln/detail/CVE-2026-11064
https://www.cve.org/CVERecord?id=CVE-2026-11064

History

Mon, 08 Jun 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google android
CPEs		cpe:2.3:a:google:chrome:::::::: cpe:2.3:o:google:android:-:::::::*
Vendors & Products		Google android

Sun, 07 Jun 2026 12:15:00 +0000

Type	Values Removed	Values Added
Title		chromium-browser: Uninitialized Use in GPU
Weaknesses		CWE-368
References		https://nvd.nist.gov/vuln/detail/CVE-2026-11064 https://www.cve.org/CVERecord?id=CVE-2026-11064
Metrics	threat_severity `None`	threat_severity `Moderate`

Fri, 05 Jun 2026 21:15:00 +0000

Type	Values Removed	Values Added
Title	Cross‑Origin Data Leak via GPU Race in Chrome on Android

Fri, 05 Jun 2026 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 05 Jun 2026 07:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google chrome
Vendors & Products		Google Google chrome

Fri, 05 Jun 2026 03:00:00 +0000

Type	Values Removed	Values Added
Title		Cross‑Origin Data Leak via GPU Race in Chrome on Android

Thu, 04 Jun 2026 23:15:00 +0000

Type	Values Removed	Values Added
Description		Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses		CWE-457
References		https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/499075743

Subscriptions

Google Android Chrome

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2026-06-04T23:04:41.622Z

Updated: 2026-06-05T18:25:42.722Z

Reserved: 2026-06-04T17:06:41.419Z

Link: CVE-2026-11064

Vulnrichment

Updated: 2026-06-05T18:25:26.448Z

NVD

Status : Analyzed

Published: 2026-06-04T23:17:10.910

Modified: 2026-06-08T14:51:34.673

Link: CVE-2026-11064

Redhat

Severity : Moderate

Publid Date: 2026-06-02T00:00:00Z

Links: CVE-2026-11064 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-07T14:30:16Z

Weaknesses

CWE-368
Context Switching Race Condition
CWE-457
Use of Uninitialized Variable

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object