Description
Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in Chrome’s printing module. A crafted HTML page can exploit an improper input validation bug to expose data from other origins when the renderer process is already compromised. The consequence is a cross‑origin data leak, broadening the impact of any attacker who gains control over the renderer. This means sensitive information could be extracted from web pages that otherwise would not be accessible.

Affected Systems

Google Chrome versions earlier than 149.0.7827.53 on all supported desktop platforms are affected. The issue is tied specifically to the printing functionality incorporated into the browser.

Risk and Exploitability

The vulnerability requires a prior compromise of the renderer process, which may be achieved through separate code‑execution or privilege‑escalation flaws. The CVSS score of 6.5 indicates medium severity, and the EPSS score is below 1%, suggesting exploitation is unlikely but still possible. The vulnerability is not listed in the CISA KEV catalog. Although the flaw is not immediately critical, prompt remediation is advisable to prevent data exposure.

Generated by OpenCVE AI on June 7, 2026 at 15:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 149.0.7827.53 or newer
  • If an update cannot be applied immediately, disable or restrict the printing functionality in Chrome using enterprise policy or command‑line flags
  • Apply network monitoring to detect abnormal data exfiltration patterns in Chrome processes, especially during rendering or printing activity

Advisories
Source | ID | Title
Debian DSA | DSA-6325-1 | chromium security update

History

Mon, 08 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared: Apple; Apple macos; Linux; Linux linux Kernel; Microsoft; Microsoft windows
CPEs:
  cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
  cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products: Apple; Apple macos; Linux; Linux linux Kernel; Microsoft; Microsoft windows

Sun, 07 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title: chromium-browser: Insufficient validation of untrusted input in Printing
Weaknesses: CWE-346
References
Metrics: threat_severity None (removed); threat_severity Moderate (added)

Fri, 05 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title: Cross‑Origin Data Leak via Printing in Chrome Before 149.0.7827.53

Fri, 05 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics:
  cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
  ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
Title: Cross‑Origin Data Leak via Printing in Chrome Before 149.0.7827.53

Fri, 05 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
First Time appeared: Google; Google chrome
Vendors & Products: Google; Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description: Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses: CWE-20
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T16:29:50.696Z

Reserved: 2026-06-04T17:06:48.490Z

Link: CVE-2026-11093

Vulnrichment

Updated: 2026-06-05T13:13:44.325Z

NVD

Status: Analyzed

Published: 2026-06-04T23:17:14.270

Modified: 2026-06-08T15:51:08.157

Link: CVE-2026-11093

Redhat

Severity: Moderate

Public Date: 2026-06-02T00:00:00Z

Links: CVE-2026-11093 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-07T15:15:46Z

Weaknesses
  • CWE-20

    Improper Input Validation

  • CWE-346

    Origin Validation Error