What is the CVSS score of CVE-2026-11681?

CVE-2026-11681 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Google Chrome are affected by CVE-2026-11681?

Google Chrome for Linux contains a heap corruption vulnerability (CVE-2026-11681, CVSS 8.8) enabling arbitrary code execution when users visit a malicious website; no public exploit identified at…. A patch is available.

How to fix or mitigate CVE-2026-11681?

Within 24 hours: Identify all Linux systems running Chrome versions before 149.0.7827.103 and issue security advisory with patch information to users and system administrators. Within 7 days: Deploy Chrome 149.0.7827.103 or later through standard update mechanisms; prioritize systems in high-risk roles and Linux server environments. Within 30 days: Audit version compliance across the Linux fleet; establish monitoring for exploitation attempts and anomalous browser behavior.

Google Chrome CVE-2026-11681

EUVD-2026-35207 HIGH

Use After Free (CWE-416)

2026-06-09 chrome-cve-admin@google.com

GHSA-mhrm-mf55-j4p7

Denial Of Service Use After Free Memory Corruption Google Red Hat Suse

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SUSE

CRITICAL

qualitative

Red Hat

8.8 HIGH

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 09, 2026 - 11:30 vuln.today

CVSS changed

Jun 09, 2026 - 11:22 NVD

8.8 (HIGH)

CVE Published

Jun 09, 2026 - 00:16 nvd

UNKNOWN (no severity yet)

CVE Published

Jun 09, 2026 - 00:16 nvd

HIGH 8.8

DescriptionCVE.org

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Heap corruption in Google Chrome's Ozone component on Linux before version 149.0.7827.103 allows remote attackers to potentially achieve arbitrary code execution within the browser process when a victim visits a crafted HTML page. The flaw is a use-after-free rated High severity by Chromium, with CVSS 8.8 reflecting network-reachable exploitation requiring only minimal user interaction. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Victim loads attacker-controlled URL on Linux Chrome

Delivery

Crafted HTML triggers Ozone object lifecycle bug

Exploit

Use-after-free corrupts renderer heap

Execution

Attacker gains code execution in sandboxed renderer

Impact

Optional chain with sandbox escape for host compromise

Access

Victim loads attacker-controlled URL on Linux Chrome

Delivery

Crafted HTML triggers Ozone object lifecycle bug

Exploit

Use-after-free corrupts renderer heap

Execution

Attacker gains code execution in sandboxed renderer

Impact

Optional chain with sandbox escape for host compromise

Vulnerability AssessmentAI

Exploitation	Victim must run Google Chrome on Linux at a version before 149.0.7827.103 and must be induced to load attacker-controlled HTML (CVSS UI:R), so drive-by browsing, phishing links, malvertising, or compromised third-party content all qualify as delivery paths. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Signals are mixed but lean toward prioritized patching rather than emergency response. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker hosts a malicious web page containing crafted HTML that exercises a freed Ozone object during rendering on a Linux Chrome user. The victim is lured to the page via phishing, a compromised ad, or a watering-hole site; on load, Chrome triggers the use-after-free and the attacker steers the resulting heap corruption toward arbitrary code execution inside the sandboxed renderer, which would then need to be chained with a sandbox escape for full system compromise. …
Remediation	Vendor-released patch: Google Chrome 149.0.7827.103 for Linux; update affected endpoints to this version or later via the standard stable channel update described at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Linux systems running Chrome versions before 149.0.7827.103 and issue security advisory with patch information to users and system administrators. …

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical

Product	Status
openSUSE Leap 16.0	Fixed
openSUSE Tumbleweed	Fixed

CVE-2026-11681 vulnerability details – vuln.today

Back

Google Chrome CVE-2026-11681

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code