What is the CVSS score of CVE-2026-11690?

CVE-2026-11690 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Google Chrome are affected by CVE-2026-11690?

Google Chrome on macOS prior to version 149.0.7827.103 contains a vulnerability that could allow attackers to execute code and compromise employee systems if users visit a malicious webpage.. A patch is available.

How to fix or mitigate CVE-2026-11690?

Within 24 hours: Inventory Chrome versions on all macOS devices and enable automatic updates if not active. Within 7 days: Deploy Chrome 149.0.7827.103 or later across all macOS systems using your organization's software deployment tools. Within 30 days: Verify deployment completion and confirm all macOS devices are running patched Chrome versions.

Google Chrome CVE-2026-11690

EUVD-2026-35216 HIGH

Out-of-bounds Read (CWE-125)

2026-06-09 chrome-cve-admin@google.com

GHSA-4m7c-c75j-4g7g

Information Disclosure Google Buffer Overflow RCE Red Hat Suse

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SUSE

CRITICAL

qualitative

Red Hat

8.0 HIGH

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 09, 2026 - 02:38 vuln.today

CVSS changed

Jun 09, 2026 - 01:22 NVD

7.5 (HIGH)

CVE Published

Jun 09, 2026 - 00:16 nvd

UNKNOWN (no severity yet)

CVE Published

Jun 09, 2026 - 00:16 nvd

HIGH 7.5

DescriptionCVE.org

Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Sandbox-confined arbitrary code execution in Google Chrome on macOS versions prior to 149.0.7827.103 stems from an out-of-bounds read and write in the Media component, exploitable by a remote attacker who has already compromised the renderer process and lures a user to a crafted HTML page. Google rates the Chromium severity as High and has released a patched stable channel update; no public exploit identified at time of analysis, and SSVC reports no observed exploitation.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Compromise renderer via prior bug

Delivery

Lure user to crafted HTML page

Exploit

Deliver malicious media payload

Execution

Trigger out-of-bounds read/write in Media

Persist

Execute arbitrary code in sandbox

Impact

Chain with sandbox escape for host compromise

Access

Compromise renderer via prior bug

Delivery

Lure user to crafted HTML page

Exploit

Deliver malicious media payload

Execution

Trigger out-of-bounds read/write in Media

Persist

Execute arbitrary code in sandbox

Impact

Chain with sandbox escape for host compromise

Vulnerability AssessmentAI

Exploitation	Exploitation requires the attacker to have already compromised the Chrome renderer process on macOS (an explicit precondition in Google's description), the victim must be running a vulnerable Chrome build below 149.0.7827.103 on macOS specifically, and user interaction is needed to load a crafted HTML page containing the malicious media payload. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.5 (High) with vector AV:N/AC:H/PR:N/UI:R reflects meaningful real-world friction: the attack is network-reachable but requires high complexity, user interaction (visiting a crafted page), and - critically per the description - prior compromise of the renderer process, which the CVSS PR:N field arguably understates. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker who has already chained an initial renderer-process compromise (for example via a separate JavaScript engine bug) directs the victim browser to a crafted HTML page containing malicious media content that triggers the out-of-bounds read/write in the Media component, achieving arbitrary code execution within the sandboxed renderer. This bug would typically be paired with a sandbox escape to fully exfiltrate data or pivot onto the host. …
Remediation	Vendor-released patch: Google Chrome 149.0.7827.103 for macOS - update via the stable channel as documented at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html, then restart the browser to activate the new build. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory Chrome versions on all macOS devices and enable automatic updates if not active. …

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical

Product	Status
openSUSE Leap 16.0	Fixed
openSUSE Tumbleweed	Fixed

CVE-2026-11690 vulnerability details – vuln.today

Back

Google Chrome CVE-2026-11690

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code