Zero Day MonitorZDM

← Back to list

7.5

CVE-2026-11255EXPLOITEDPATCHED

google · chrome

CVE-2026-11255: Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remot

Description

Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Affected Products

Vendor	Product	Versions
google	chrome	149.0.7827.53

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
apple	macos	cve_cpe	95%
google	chrome	cert_advisory	90%
linux	linux_kernel	cve_cpe	95%
microsoft	edge	cert_advisory	90%
microsoft	windows	cve_cpe	95%

References

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/498417152

Related News (3 articles)

Tier B

BSI Advisories2d ago

[NEU] [hoch] Google Chrome und Microsoft Edge: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB2d ago

CVE-2026-11255 | Google Chrome up to 148.0.7778.216 Storage Access API cross-domain policy (ID 498417)

→ No new info (linked only)

Tier B

CERT-FR2d ago

Multiples vulnérabilités dans Google Chrome (05 juin 2026)

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

149.0.7827.53

CWECWE-20

PublishedJun 4, 2026

Last enriched2d agov2

Trending Score51

Source articles3

Independent3

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2025-48595EXP

CVE-2025-48595: In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to

CRITICALCVE-2026-10881EXP

CVE-2026-10881: Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially p

CRITICALCVE-2026-11070EXP

CVE-2026-11070: Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a re

CRITICALCVE-2026-10946EXP

CVE-2026-10946: Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to

CRITICALCVE-2026-11082EXP

CVE-2026-11082: Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the rendere

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 4, 2026

Discovered by ZDM

Jun 5, 2026

Updated: affectedVersions, severity, activelyExploited

Jun 5, 2026

Actively Exploited

Jun 5, 2026

Patch Available

Jun 5, 2026

Version History

v2

Last enriched 2d ago

v2Tier C2d ago

Updated affected versions to include 148.0.7778.216, changed severity to LOW, and noted that no exploit is available.

affectedVersionsseverityactivelyExploited

via VulDB

v12d ago

Initial creation