CVEFinder.io

CVE-2026-11241

⚠️ high
🔍 Scan for this CVE
Summary

Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

CVSS Score
8.0
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-06-05
First Seen: 2026-06-05
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 77.5% of all 328,009 vulnerabilities in our database.

#73,816
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jun 5, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-06-05
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-20

📦 Affected Products 1

Vendor Product Status Affected Versions
google chrome Affected
< 149.0.7827.53

🔗 References 2

https://chromereleases.googleblog.com/2026/06/stable...
Vendor Advisory
https://issues.chromium.org/issues/497203741
Permissions Required

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-12007 ⚠️ high 8.8 0.3 Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrar... 2026-06-11
CVE-2026-12008 ⚠️ high 8.3 0.2 Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromi... 2026-06-11
CVE-2026-12009 ⚠️ high 8.3 0.2 Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a re... 2026-06-11
CVE-2026-12010 ⚠️ high 8.3 0.2 Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compro... 2026-06-11
CVE-2026-12011 ⚠️ high 8.3 0.2 Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromi... 2026-06-11
CVE-2026-12012 ⚠️ high 8.1 0.2 Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position ... 2026-06-11
These CVEs affect the same products