Description
Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Google Chrome versions before 149.0.7827.53, a flaw in the File System Access implementation allows a remote attacker who lures a user into performing specific UI gestures on a crafted web page to circumvent discretionary access controls. The weakness effectively lets the attacker gain elevated file system permissions that the user would not normally have. The flaw is rated low severity but can be used to elevate privileges on the victim machine.

Affected Systems

The vulnerability impacts Google Chrome running on any platform where the affected version is installed. Users of Chrome prior to update 149.0.7827.53 are at risk. No other vendors or product lines are directly listed.

Risk and Exploitability

Because the attacker must first persuade the user to interact with the malicious page, the attack requires user cooperation, which limits its scale. The EPSS score is not available, suggesting a low likelihood of exploitation, and the flaw is not currently listed in CISA’s KEV catalog. Nonetheless, the potential for privilege escalation warrants precautionary action and patching by all users of the affected Chrome builds.

Generated by OpenCVE AI on June 5, 2026 at 00:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 149.0.7827.53 or later
  • Enable automatic updates for Chrome to ensure the new version is applied promptly
  • Configure Chrome’s site permissions to disable file‑system access for untrusted or unknown domains


Advisories

No advisories yet.

History

Fri, 05 Jun 2026 03:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google, Google chrome
Vendors & Products | | Google, Google chrome

Fri, 05 Jun 2026 01:15:00 +0000

Type | Values Removed | Values Added
Title | | Chrome File System Access Bypass via Crafted Page
Weaknesses | | CWE-284, CWE-285

Thu, 04 Jun 2026 23:45:00 +0000

Type | Values Removed | Values Added
Description | | Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:06:07.377Z

Reserved: 2026-06-04T17:11:07.168Z

Link: CVE-2026-11258

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-05T00:17:02.470

Modified: 2026-06-05T00:17:02.470

Link: CVE-2026-11258

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T03:15:15Z

Weaknesses