Description
Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An inappropriate implementation in the Media layer of Google Chrome before version 149.0.7827.53 allows a remote attacker to read data across origins by serving a specially crafted HTML page. This flaw does not require user interaction beyond visiting the malicious page and can expose confidential information that should be protected by the same-origin policy, thereby compromising the confidentiality of the victim's data.

Affected Systems

All Google Chrome desktop browsers running any version earlier than 149.0.7827.53 on publicly accessible systems, specifically the stable channel releases. The issue applies to all platforms that execute Chrome’s media components.

Risk and Exploitability

The vulnerability is rated medium on Chromium's internal severity scale. No EPSS score is available and the flaw is not listed in CISA's KEV catalog. Exploitation requires only delivery of a crafted web page; no additional privileges are needed. The potential impact is the leakage of sensitive cross-origin information; the risk is moderate and can be addressed by applying the available patch.

Generated by OpenCVE AI on June 5, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.53 or later via the official release channels
  • Enable automatic updates and enforce the latest stable channel through enterprise management tools
  • When immediate patching is not possible, avoid browsing untrusted sites or sandboxed content that could serve malicious HTML

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 05:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Fri, 05 Jun 2026 04:15:00 +0000

Type | Values Removed | Values Added
Title | | Cross-Origin Data Leak via Media Component in Google Chrome
Weaknesses | | CWE-200

Thu, 04 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:05:31.619Z

Reserved: 2026-06-04T17:10:38.777Z

Link: CVE-2026-11176

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T23:17:24.460

Modified: 2026-06-04T23:17:24.460

Link: CVE-2026-11176

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T05:00:12Z

Weaknesses