Vulnerabilities ›

CVE-2026-10968

High

CWE-20 — Weakness Type

                    Published: Jun 4, 2026                      ·  Modified: Jun 10, 2026                      ·  Source: NVD                

CVSS v3

7.4

🔗 NVD Official

📄 Description (English)

Insufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

🤖 AI Executive Summary

CVE-2026-10968 is a high-severity vulnerability in Google Chrome's Dawn component on Windows that allows remote attackers with a compromised renderer process to leak cross-origin data through insufficient input validation. Organizations using Chrome versions prior to 149.0.7827.53 are at risk of data exfiltration attacks.

📄 Description (Arabic)

يؤثر هذا الضعف على مكون Dawn في Google Chrome على أنظمة Windows ويسمح لمهاجم بعد اختراق عملية العرض بتسرب البيانات من أصول مختلفة. يتطلب الهجوم وجود عملية عرض مخترقة بالفعل، مما يجعله جزءاً من سلسلة هجوم متعددة المراحل.

🤖 ملخص تنفيذي (AI)

This vulnerability affects Google Chrome on Windows systems and could allow attackers to access sensitive cross-origin data if the renderer process is compromised. Saudi organizations should update Chrome to version 149.0.7827.53 or later to mitigate this risk.

🤖 AI Intelligence Analysis Analyzed: Jun 9, 2026 02:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1203 T1566

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update Google Chrome to version 149.0.7827.53 or later immediately. Implement renderer process isolation policies, disable untrusted extensions, and monitor for suspicious renderer process behavior. Apply Windows security updates and consider using Chrome Enterprise policies to enforce automatic updates across your organization.

🔧 خطوات المعالجة (العربية)

قم بتحديث Google Chrome إلى الإصدار 149.0.7827.53 أو أحدث فوراً. طبق سياسات عزل عملية العرض، وعطل الإضافات غير الموثوقة، ومراقبة السلوك المريب لعملية العرض. طبق تحديثات أمان Windows واستخدم سياسات Chrome Enterprise لفرض التحديثات التلقائية.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.13.1.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.IP-1 PR.IP-12

🟡 ISO 27001:2022

A.12.2.1 A.14.2.1 A.14.2.5

🔗 References & Sources 2

🔗

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html

chrome-cve-admin@google.com

Release Notes

🔗

https://issues.chromium.org/issues/511758373

chrome-cve-admin@google.com

Permissions Required

📦 Affected Products / CPE 1 entries

google:chrome

📊 CVSS Score

7.4

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeC — Changed

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.4

CWECWE-20

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-06-04

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-20

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-10968

Introduce Yourself

Sign In Required