Description
Inappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An inadequate implementation in Page Info in Google Chrome for Android allows a remote attacker who has already compromised the renderer process to bypass navigation restrictions by delivering a crafted HTML page. The flaw does not grant arbitrary code execution but permits the attacker to redirect or open URLs the user should not be able to access, potentially facilitating phishing or other deceptive interactions. The impact is largely limited to the compromised renderer’s context and does not directly expose the operating system or other processes.

Affected Systems

Google Chrome on Android versions prior to 149.0.7827.53 are affected. The vulnerability is present on the Android stable channel and any device running a Chrome installation older than the specified version. No other vendors or product variants are listed.

Risk and Exploitability

The CVE carries a Chromium security severity of Low, and there is no EPSS score available or listing in the CISA KEV catalog. Exploitation requires the attacker to first compromise the renderer process, which typically demands a local or privilege escalation vulnerability or an elevated app. Because of that prerequisite, the attack vector is limited and the likelihood of successful exploitation in the wild remains low. Nonetheless, the presence of this weakness underscores the importance of keeping browsers patched and correctly sandboxed.

Generated by OpenCVE AI on June 5, 2026 at 00:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome on Android to version 149.0.7827.53 or later, which contains the Page Info patch.
  • Ensure automatic updates are enabled on Android to receive future browser security fixes promptly.
  • Limit the use of trusted sites that submit navigation requests to the renderer by restricting site permissions or disabling features that expose Page Info directly.

Generated by OpenCVE AI on June 5, 2026 at 00:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
Title Inappropriate Page Info Implementation Allows Navigation Bypass in Chrome on Android
Weaknesses CWE-862

Thu, 04 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:06:14.332Z

Reserved: 2026-06-04T17:11:12.446Z

Link: CVE-2026-11275

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-05T00:17:04.643

Modified: 2026-06-05T00:17:04.643

Link: CVE-2026-11275

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T01:30:25Z

Weaknesses