Description
Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in Chrome’s printing module. A crafted HTML page can exploit an improper input validation bug to expose data from other origins when the renderer process is already compromised. The consequence is a cross‑origin data leak, broadening the impact of any attacker who gains control over the renderer. This means sensitive information could be extracted from web pages that otherwise would not be accessible.

Affected Systems

Google Chrome versions earlier than 149.0.7827.53 on all supported desktop platforms are affected. The issue is tied specifically to the printing functionality incorporated into the browser.

Risk and Exploitability

The vulnerability requires a prior compromise of the renderer process, which may be achieved through separate code‑execution or privilege‑escalation flaws. EPSS data is not available, so the current exploitation probability is unknown, and the vulnerability is not listed in the CISA KEV catalog. The medium severity rating indicates that while the flaw is not immediately critical, prompt remediation is advisable to prevent data loss.

Generated by OpenCVE AI on June 5, 2026 at 04:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 149.0.7827.53 or newer
  • If an update cannot be applied immediately, disable or restrict the printing functionality in Chrome using enterprise policy or command‑line flags
  • Apply network monitoring to detect abnormal data exfiltration patterns in Chrome processes, especially during rendering or printing activity

Generated by OpenCVE AI on June 5, 2026 at 04:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
Title Cross‑Origin Data Leak via Printing in Chrome Before 149.0.7827.53

Fri, 05 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-20
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:53.572Z

Reserved: 2026-06-04T17:06:48.490Z

Link: CVE-2026-11093

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:14.270

Modified: 2026-06-04T23:17:14.270

Link: CVE-2026-11093

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T04:15:26Z

Weaknesses