Description
A vulnerability flaw was found in the Skia component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=500414865
Published: n/a
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A defect in the Skia graphics library used by Chromium was reported by the Chromium team. The CVE entry does not disclose the precise technical details, so the nature of the vulnerability is inferred to be a defect that can trigger application crashes when rendering certain graphics data. A crash in the browser could be leveraged by an attacker to interrupt service or render the browser unusable for users, constituting a denial of service to the user or the host.

Affected Systems

The product affected is the Chromium browser via its Skia component. No specific version numbers are provided, meaning any Chromium release that includes the unpatched Skia library is potentially vulnerable. Users should verify if their version is prior to the 2026‑06 stable channel update that contains the Skia fix.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, yet the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploitation in the wild. It is inferred that the attack vector requires supplying maliciously crafted graphic content or triggering rendering paths that exercise the flaw. If exploited, the impact would be a browser crash leading to denial of service to the target user or, through privileged processes, to the host system.

Generated by OpenCVE AI on June 9, 2026 at 01:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Chromium update that includes the Skia fix, as released by Google in the 2026‑06 stable channel.
  • If an update cannot be applied immediately, disable hardware acceleration or any graphics acceleration features to reduce exposure to the vulnerable rendering paths.
  • Monitor Chromium security advisories and the CVE record for any updates regarding exploitation or additional fixes.

Generated by OpenCVE AI on June 9, 2026 at 01:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6325-1 chromium security update
History

Tue, 09 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Chromium
Chromium chromium
Vendors & Products Chromium
Chromium chromium

Tue, 09 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Tue, 09 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Description A vulnerability flaw was found in the Skia component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=500414865
Title chromium-browser: chromium-browser: Vulnerability in Skia
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

threat_severity

Moderate

Subscriptions

Chromium Chromium
cve-icon MITRE

No data.

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-02T00:00:00Z

Links: CVE-2026-11099 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T09:00:54Z

Weaknesses