Skip to main content

Google Chrome CVE-2026-11657

| EUVD-2026-35257 HIGH
Use After Free (CWE-416)
2026-06-09 chrome-cve-admin@google.com GHSA-8cpx-r29v-jx66
Google Memory Corruption RCE Use After Free Denial Of Service Red Hat Suse
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
9.6 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 09, 2026 - 02:45 vuln.today
CVSS changed
Jun 09, 2026 - 01:22 NVD
8.8 (HIGH)
CVE Published
Jun 09, 2026 - 00:16 nvd
UNKNOWN (no severity yet)
CVE Published
Jun 09, 2026 - 00:16 nvd
HIGH 8.8

DescriptionCVE.org

Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 stems from a use-after-free flaw in the Payments component, allowing a remote attacker to run arbitrary code in the renderer process via a crafted HTML page. The issue carries a CVSS 8.8 (High) rating and was reported through Google's internal Chrome security process; no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Victim visits attacker-controlled HTML page
Delivery
Page invokes Chrome Payments API with crafted input
Exploit
Use-after-free triggered in Payments component
Install
Heap groomed and freed object reclaimed
C2
Control flow hijacked in renderer process
Execute
Arbitrary code executes in sandboxed renderer
Impact
Session data exfiltrated or sandbox escape chained
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to be running Google Chrome on macOS at a version below 149.0.7827.103 and to navigate to (or have rendered) attacker-controlled HTML/JavaScript that triggers the Payments component - per CVSS UI:R, user interaction in the form of visiting the malicious page is required. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H reflects a realistic browser-RCE profile: network reachable, low complexity, no authentication, but requires user interaction (visiting a malicious page) and does not cross the renderer sandbox (S:U). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a malicious web page (or compromises an ad network / serves a malicious iframe) that exercises the Chrome Payments code path with crafted JavaScript designed to trigger the use-after-free; a macOS Chrome user on a vulnerable build visits the page and the renderer is hijacked, giving the attacker code execution inside the sandboxed renderer process. To achieve full system compromise the attacker would typically chain a separate macOS renderer sandbox escape; absent that, the renderer-level access still enables credential theft, session hijacking, and cross-site data exfiltration from the victim's browsing session. …
Remediation Vendor-released patch: Google Chrome 149.0.7827.103 for macOS - upgrade immediately via Chrome's built-in updater or by redeploying the latest stable channel build, per the Chrome Releases advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all macOS systems running Chrome prior to version 149.0.7827.103; assess deployment infrastructure and communication plans. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
openSUSE Leap 16.0 Fixed
openSUSE Tumbleweed Fixed

Share

CVE-2026-11657 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy