What is the CVSS score of CVE-2026-11671?

CVE-2026-11671 has a CVSS 3.1 base score of 9.6 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Google Chrome are affected by CVE-2026-11671?

Google Chrome versions before 149.0.7827.103 contain a critical vulnerability allowing remote system compromise through malicious webpages.. A patch is available.

How to fix or mitigate CVE-2026-11671?

24 hours: Issue organization-wide alert and prepare Chrome 149.0.7827.103 or later for deployment. 7 days: Deploy Chrome 149.0.7827.103 or later across all systems through patch management tools. 30 days: Verify deployment completion and audit all endpoints for vulnerable Chrome versions.

Google Chrome CVE-2026-11671

EUVD-2026-35271 CRITICAL

Use After Free (CWE-416)

2026-06-09 chrome-cve-admin@google.com

GHSA-93cq-cwfp-9r89

Denial Of Service Use After Free Memory Corruption Google Red Hat Suse

9.6

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.6 CRITICAL

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

SUSE

CRITICAL

qualitative

Red Hat

9.6 HIGH

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 09, 2026 - 02:43 vuln.today

CVSS changed

Jun 09, 2026 - 02:22 NVD

9.6 (CRITICAL)

CVE Published

Jun 09, 2026 - 00:16 nvd

UNKNOWN (no severity yet)

CVE Published

Jun 09, 2026 - 00:16 nvd

CRITICAL 9.6

DescriptionCVE.org

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Articles & Coverage 1

News Critical Sandbox Escape in Google Chrome before 149.0.7827.103 - CVE-2026-11671 Jun 09, 2026

AnalysisAI

Sandbox escape in Google Chrome before 149.0.7827.103 allows a remote attacker to break out of the renderer sandbox through a use-after-free in the Navigation component when a victim visits a crafted HTML page. The CVSS 9.6 score reflects a scope-changing impact on confidentiality, integrity, and availability with only user interaction (visiting a page) required, and no public exploit was identified at time of analysis.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Victim loads attacker-controlled HTML page

Delivery

Crafted markup triggers Navigation use-after-free

Exploit

Reclaim freed object with controlled memory

Execution

Corrupt browser-process structures

Persist

Escape renderer sandbox

Impact

Execute code in browser process context

Access

Victim loads attacker-controlled HTML page

Delivery

Crafted markup triggers Navigation use-after-free

Exploit

Reclaim freed object with controlled memory

Execution

Corrupt browser-process structures

Persist

Escape renderer sandbox

Impact

Execute code in browser process context

Vulnerability AssessmentAI

Exploitation	The victim must use a vulnerable Google Chrome desktop build prior to 149.0.7827.103 and must visit or be redirected to attacker-controlled HTML (UI:R in the CVSS vector - a single page load suffices, no clicks or downloads required). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 9.6 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) describes a network-reachable, low-complexity, unauthenticated bug requiring only a user to load a page, with a changed scope that captures the sandbox escape. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker hosts a malicious page (or compromises an ad network or a legitimate site via stored XSS) that delivers crafted HTML and JavaScript designed to trigger the Navigation use-after-free when the victim visits or is redirected to the page. Successful exploitation corrupts memory inside the browser process, allowing the attacker to escape the renderer sandbox and execute code with the browser's privileges on the user's machine, typically chained with a renderer RCE for a full one-click compromise. …
Remediation	Vendor-released patch: Google Chrome 149.0.7827.103 (Stable channel) - upgrade all desktop Chrome installations to this version or later via the Stable Channel Update advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html, and restart the browser to load the new binary. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Issue organization-wide alert and prepare Chrome 149.0.7827.103 or later for deployment. …

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical

Product	Status
openSUSE Leap 16.0	Fixed
openSUSE Tumbleweed	Fixed

CVE-2026-11671 vulnerability details – vuln.today

Back

Google Chrome CVE-2026-11671

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Articles & Coverage 1

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code