Skip to main content

Google Chrome CVE-2026-11296

| EUVDEUVD-2026-34757 HIGH
Improper Privilege Management (CWE-269)
2026-06-05 chrome-cve-admin@google.com GHSA-vx83-xm6h-8qjw
High
Disputed · 7.5 NVD
Share

Severity by source

Sources disagree (Low–High)
NVD PRIMARY
7.5 HIGH
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
0.0 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 05, 2026 - 03:16 vuln.today
CVSS changed
Jun 05, 2026 - 02:22 NVD
7.5 (None) 7.5 (HIGH)
CVE Published
Jun 05, 2026 - 00:17 nvd
UNKNOWN (no severity yet)
CVE Published
Jun 05, 2026 - 00:17 nvd
HIGH 7.5

DescriptionCVE.org

Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

AnalysisAI

Privilege escalation in Google Chrome's ImageCapture component before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape sandbox boundaries via a crafted HTML page. The flaw was reported by Google's internal security team and is rated medium-low by Chromium itself despite the 7.5 CVSS score, and no public exploit identified at time of analysis. SSVC indicates no known exploitation but total technical impact if successfully chained.

Technical ContextAI

ImageCapture is a Chromium Web API (part of the MediaStream specification) that lets web pages capture still images and access advanced camera controls from a video track. The vulnerability is classified as CWE-269 (Improper Privilege Management), meaning the ImageCapture implementation fails to correctly enforce the privilege boundary between the renderer (the sandboxed process that handles untrusted web content) and higher-privileged browser components. Because Chrome's security model treats the renderer as untrusted, a bug here is typically chained after a separate renderer-RCE primitive to break out of the sandbox, expanding what an already-compromised renderer can do.

RemediationAI

Vendor-released patch: Google Chrome 149.0.7827.53 - upgrade to this version or later on the Stable channel by allowing Chrome's auto-update to complete and restarting the browser, per the advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html and the upstream issue at https://issues.chromium.org/issues/502493950. Downstream Chromium-based browsers should be updated once their vendors ship the merged fix. As a compensating control until patched, administrators can disable camera/MediaStream access via enterprise policy (VideoCaptureAllowed=false or site-scoped DefaultMediaStreamSetting), which blocks the ImageCapture attack surface but breaks legitimate webcam-based applications like video conferencing; this is only a partial mitigation because the bug requires a pre-existing renderer compromise, so prioritizing patching of any other renderer-RCE Chrome vulnerabilities is equally important.

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Leap 16.0 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-11296 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy