Description
Integer overflow in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow occurs in the GPU subsystem of Google Chrome for Android, allowing a remote attacker to trigger out‑of‑bounds memory access when the victim loads a specially crafted HTML page. The vulnerability is classified with medium severity by the Chromium security team, indicating that exploitation is not trivial but not impossible.

Affected Systems

Google Chrome for Android versions earlier than 149.0.7827.53 are affected. All newer Chrome releases and other Google Chrome products are not impacted.

Risk and Exploitability

The flaw can be exposed remotely through a web page, meaning any device with an Internet browser running the vulnerable Chrome version is at risk. The EPSS score is not available and the vulnerability is not listed in CISA KEV, but the medium severity rating and the potential for out‑of‑bounds memory access suggest a measurable risk. Attackers would likely need to entice the victim to visit or load the malicious page, and further exploitation would depend on additional conditions that are not described in the CVE data.

Generated by OpenCVE AI on June 5, 2026 at 05:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.53 or later via the official update channel
  • Enforce Chrome updates across the organization using managed configuration or enterprise policy
  • Implement web filtering or security monitoring to block or detect malicious HTML content that could trigger the vulnerability

Generated by OpenCVE AI on June 5, 2026 at 05:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 05:30:00 +0000

Type Values Removed Values Added
Title Google Chrome Android GPU Integer Overflow Leading to Out‑of‑Bounds Memory Access via Crafted Web Page

Fri, 05 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Integer overflow in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-472
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:50.285Z

Reserved: 2026-06-04T17:06:46.658Z

Link: CVE-2026-11085

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:13.333

Modified: 2026-06-04T23:17:13.333

Link: CVE-2026-11085

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T05:15:25Z

Weaknesses