CVE-2026-11301 - Vulnerability Details

Description

Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromium security severity: Low)

Published: 2026-06-04

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The flaw is caused by an improper bounds check in Chrome's LiveCaption feature, allowing a crafted network packet to trigger an out‑of‑bounds read in memory handling code. This leads to memory corruption that could be leveraged for exploitation. The flaw is classified as CWE‑125 and has been rated low severity by Chromium."

Affected Systems

Google Chrome versions older than 149.0.7827.53 are affected; any system running those builds is at risk, including desktop and possibly mobile deployments. The patch is available in the stable channel update for Chrome.

Risk and Exploitability

No public EPSS score is available and the vulnerability is not listed in CISA's KEV catalog, indicating low immediate exploitation risk. An attacker would need to send malicious traffic to a Chrome instance with Live Caption enabled; there are no known active exploits, but the memory corruption could potentially be used for remote code execution in certain contexts.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Google

Chrome

affected

Version	Status	Constraints
`149.0.7827.53`	affected	< 149.0.7827.53

No data.

Vendor Product Confidence Versions

Google

Chrome

100%

Version	Status	Scheme	Platform
`[149.0.7827.53,149.0.7827.53)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Chrome update (version 149.0.7827.53 or later).
Disable the Live Caption feature in Chrome settings if it is not required.
If an update cannot be applied immediately, use firewall or proxy rules to block or inspect traffic that would trigger Live Caption processing until the patch is installed.

Generated by OpenCVE AI on June 5, 2026 at 00:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/504180386

History

Fri, 05 Jun 2026 01:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google chrome
Vendors & Products		Google Google chrome

Fri, 05 Jun 2026 01:00:00 +0000

Type	Values Removed	Values Added
Title		Out-of-Bounds Memory Access in Chrome LiveCaption via Network Traffic

Thu, 04 Jun 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description		Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromium security severity: Low)
Weaknesses		CWE-125
References		https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/504180386

Subscriptions

Google Chrome

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2026-06-04T23:06:25.156Z

Updated: 2026-06-04T23:06:25.156Z

Reserved: 2026-06-04T17:11:20.269Z

Link: CVE-2026-11301

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-05T00:17:07.953

Modified: 2026-06-05T00:17:07.953

Link: CVE-2026-11301

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T01:00:14Z

Weaknesses

CWE-125

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object