Vulnerabilities ›

CVE-2026-11102

High

CWE-474 — Weakness Type

                    Published: Jun 4, 2026                      ·  Modified: Jun 10, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

Inappropriate implementation in Isolated Web Apps in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: Medium)

🤖 AI Executive Summary

CVE-2026-11102 is a sandbox escape vulnerability in Google Chrome's Isolated Web Apps that allows remote attackers to execute arbitrary code through malicious files. The vulnerability affects Chrome versions prior to 149.0.7827.53 and requires user interaction to exploit.

📄 Description (Arabic)

تحتوي هذه الثغرة على تطبيق غير صحيح في تطبيقات الويب المعزولة بـ Google Chrome مما يسمح للمهاجمين البعيدين بتنفيذ كود عشوائي داخل بيئة محمية. تؤثر الثغرة على إصدارات Chrome السابقة للإصدار 149.0.7827.53 وتتطلب تفاعل المستخدم.

🤖 ملخص تنفيذي (AI)

This vulnerability in Google Chrome's Isolated Web Apps allows remote attackers to execute arbitrary code within a sandbox environment using malicious files. Organizations using Chrome versions before 149.0.7827.53 are at risk of code execution attacks.

🤖 AI Intelligence Analysis Analyzed: Jun 9, 2026 01:32

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government banking telecom healthcare

🎯 MITRE ATT&CK Techniques

T1203 T1211 T1499

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Update Google Chrome to version 149.0.7827.53 or later immediately. Disable Isolated Web Apps if not required. Implement application whitelisting and restrict file downloads from untrusted sources. Monitor Chrome processes for suspicious behavior.

🔧 خطوات المعالجة (العربية)

قم بتحديث Google Chrome إلى الإصدار 149.0.7827.53 أو أحدث فوراً. عطّل تطبيقات الويب المعزولة إذا لم تكن مطلوبة. طبّق قائمة بيضاء للتطبيقات وقيّد تنزيل الملفات من مصادر غير موثوقة. راقب عمليات Chrome للكشف عن السلوك المريب.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

2.1.1 2.2.1 3.1.1

🔵 SAMA CSF

ID.BE-1 PR.DS-1 DE.CM-1

🟡 ISO 27001:2022

A.12.2.1 A.12.6.1 A.14.2.1

🔗 References & Sources 2

🔗

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html

chrome-cve-admin@google.com

Release Notes

🔗

https://issues.chromium.org/issues/500468338

chrome-cve-admin@google.com

Permissions Required

📦 Affected Products / CPE 1 entries

google:chrome

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-474

EPSS0.09%

Exploit No

Patch ✗ No

Published 2026-06-04

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-474

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-11102

Introduce Yourself

Sign In Required