Description
Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. (Chromium security severity: Low)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from an improper implementation in the Enterprise edition of Google Chrome prior to 149.0.7827.53. It allows a local attacker who has physical access to the device to gain higher privileges than intended, potentially compromising the entire system. The weakness can lead to unauthorized system modifications, data exposure, or further attacks, though it is classified as low severity by Chromium.

Affected Systems

Affected systems are Google Chrome Enterprise installations running any revision before 149.0.7827.53.

Risk and Exploitability

The EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog, reflecting its niche impact. Chromium rates the issue as Low severity, and the need for local physical access reduces the overall risk. However, an attacker who already has physical access to an Enterprise-managed device can abuse this flaw to elevate privileges. Exploitation requires no network connection or special software and can be performed without additional user interaction once the device is physically compromised.

Generated by OpenCVE AI on June 5, 2026 at 03:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome Enterprise to version 149.0.7827.53 or later.
  • Enforce device lock screens and restrict physical access to devices, especially for privileged accounts.
  • Configure Chrome Enterprise policies to disable or restrict local account usage that can be exploited for privilege escalation.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 04:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Google; Google chrome |
| Vendors & Products | | Google; Google chrome |

Fri, 05 Jun 2026 03:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Privilege Escalation via Local Physical Access in Enterprise Chrome |
| Weaknesses | | CWE-269; CWE-285 |

Thu, 04 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. (Chromium security severity: Low) |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:05:53.333Z

Reserved: 2026-06-04T17:10:56.818Z

Link: CVE-2026-11229

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T23:17:30.707

Modified: 2026-06-04T23:17:30.707

Link: CVE-2026-11229

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T04:30:31Z

Weaknesses