Description
Inappropriate implementation in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Dawn rendering engine in Google Chrome contains an implementation flaw that permits a remote attacker to trigger out-of-bounds memory access by serving a specially crafted HTML page. This flaw can lead to memory corruption, which may be exploitable for arbitrary code execution or a denial of service, depending on the execution context. The Chromium security team has rated the issue as Medium severity, indicating that while exploitation is possible, it is not guaranteed to achieve high-impact results without additional conditions.

Affected Systems

Google Chrome versions earlier than 149.0.7827.53 are affected. No other Chrome versions are known to be impacted. The vulnerability resides specifically in the Dawn component of the browser.

Risk and Exploitability

The vulnerability can be leveraged from the internet by delivering the malicious HTML page to a user’s browser. The attack vector is remote and requires the victim to open or load the crafted page. Nothing in the CVE record indicates that the flaw requires privileged access or local compromise. The EPSS score is not available, and the flaw is not listed in CISA's KEV, suggesting a comparatively lower likelihood of widespread exploitation at present. The Chromium security severity of Medium reflects a moderate risk profile, with the potential to lead to memory corruption but with uncertain exploitation success.

Generated by OpenCVE AI on June 5, 2026 at 02:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 149.0.7827.53 or later, as recommended in the Chrome stable channel release notes.
  • If an upgrade cannot be performed immediately, enforce strict content security policies or use a sandboxed browsing environment to isolate untrusted web content.
  • Ensure automatic updates are enabled or regularly check for updates to keep Chrome current with security fixes.

Generated by OpenCVE AI on June 5, 2026 at 02:24 UTC.


Advisories

No advisories yet.

History

Fri, 05 Jun 2026 05:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Google, Google chrome |
| Vendors & Products | | Google, Google chrome |

Fri, 05 Jun 2026 02:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Out-of-Bounds Memory Access in Chrome's Dawn Rendering Engine |
| Weaknesses | | CWE-119 |

Thu, 04 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Inappropriate implementation in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) |
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:52.574Z

Reserved: 2026-06-04T17:06:48.008Z

Link: CVE-2026-11091

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T23:17:14.040

Modified: 2026-06-04T23:17:14.040

Link: CVE-2026-11091

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T05:30:32Z

Weaknesses