CVE-2026-11075 - Vulnerability Details

Description

Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-06-04

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An out‑of‑bounds read in V8 allows a remote attacker to read arbitrary data from process memory when a crafted HTML page is rendered, potentially exposing sensitive information. The weakness is an example of CWE‑125, which indicates invalid memory indexing during execution of a built‑in language engine. This flaw can compromise the confidentiality of data stored in the browser process.

Affected Systems

Google Chrome for all platforms, including Windows, macOS, Linux, Android, and iOS, with any build older than 149.0.7827.53. Users running earlier versions are at risk until the vulnerability is mitigated by the vendor.

Risk and Exploitability

The vulnerability is not listed in CISA KEV and no EPSS score is available. Chromium reports the issue with a Medium severity level. The exploit can be delivered through a web page that the user opens or views, implying that remote or localized attacks are feasible. Until the vendor releases a patch, the risk remains moderate.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Google

Chrome

affected

Version	Status	Constraints
`149.0.7827.53`	affected	< 149.0.7827.53

No data.

Vendor Product Confidence Versions

Google

Chrome

100%

Version	Status	Scheme	Platform
`[149.0.7827.53,149.0.7827.53)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Google Chrome to version 149.0.7827.53 or later.
Ensure Chrome’s sandbox, Site Isolation, and Safe Browsing features remain enabled to reduce the impact of any memory corruption.
Use a security solution that monitors and blocks known malicious web content to mitigate risk while the official update is pending.

Generated by OpenCVE AI on June 5, 2026 at 04:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00035.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/499659070

History

Fri, 05 Jun 2026 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google chrome
Vendors & Products		Google Google chrome

Fri, 05 Jun 2026 04:45:00 +0000

Type	Values Removed	Values Added
Title		Out‑of‑Bounds Read in V8 Engine Enables Memory Disclosure

Thu, 04 Jun 2026 23:15:00 +0000

Type	Values Removed	Values Added
Description		Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses		CWE-125
References		https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/499659070

Subscriptions

Google Chrome

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2026-06-04T23:04:46.089Z

Updated: 2026-06-04T23:04:46.089Z

Reserved: 2026-06-04T17:06:44.241Z

Link: CVE-2026-11075

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-06-04T23:17:12.197

Modified: 2026-06-05T15:02:59.990

Link: CVE-2026-11075

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T06:15:33Z

Weaknesses

CWE-125

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object