What is the CVSS score of CVE-2026-11165?

CVE-2026-11165 has a CVSS 3.1 base score of 9.6 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Google Chrome are affected by CVE-2026-11165?

Google Chrome on iOS users are exposed to a critical sandbox escape vulnerability (CVE-2026-11165) that allows attackers to fully compromise device security by hosting malicious web pages.. A patch is available.

Google Chrome CVE-2026-11165

EUVD-2026-34626 CRITICAL

Use After Free (CWE-416)

2026-06-04 chrome-cve-admin@google.com

GHSA-3r5f-98jq-rfx6

Denial Of Service Google Use After Free Memory Corruption Apple

9.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 05, 2026 - 18:28 vuln.today

CVSS changed

Jun 05, 2026 - 18:22 NVD

9.6 (CRITICAL)

CVE Published

Jun 04, 2026 - 23:17 nvd

UNKNOWN (no severity yet)

CVE Published

Jun 04, 2026 - 23:17 nvd

CRITICAL 9.6

DescriptionNVD

Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

AnalysisAI

Sandbox escape in Google Chrome on iOS before 149.0.7827.53 can be triggered by a remote attacker who lures a user to a malicious HTML page that abuses a use-after-free condition in the WebMIDI subsystem. Successful exploitation breaks out of the renderer sandbox with high confidentiality, integrity, and availability impact, though no public exploit is identified at time of analysis and EPSS probability is very low (0.03%).

RemediationAI

Within 24 hours: Identify Chrome usage across iOS devices in your environment using MDM telemetry; issue security alert to all users. Within 7 days: Push Chrome iOS update to version 149.0.7827.53 or later via MDM; establish deadline for patch compliance. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-0072 CRITICAL Act Now

10.0 Jun 01

Local privilege escalation in Google Android XR stems from a missing permission check in InputMethodManagerService.addIn

CVE-2026-10881 CRITICAL Act Now

9.6 Jun 04

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to trigge

CVE-2026-10886 CRITICAL Act Now

9.6 Jun 04

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to exploit a use-after-free cond

CVE-2026-10966 CRITICAL Act Now

9.6 Jun 04

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the renderer pro

CVE-2026-10971 CRITICAL Act Now

9.6 Jun 04

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised t

CVE-2026-11165 vulnerability details – vuln.today

Back

Google Chrome CVE-2026-11165

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code