CVE-2026-11282
📛 CVE Title
CVE-2026-11282
Description
Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Overview
- State
- PUBLISHED
- Assigner (CNA)
- Chrome
- CVSS severity
- —
- CVSS score
- —
- CVSS vector
- —
- Effective score
- no score available from CNA, NVD, or AI yet
- CWE(s)
- —
- Reserved
- 2026-06-04
- Published
- 2026-06-04 23:06 UTC
- Last updated
- 2026-06-04 23:06 UTC
- Source
- https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/11xxx/CVE-2026-11282.json
AI-forensic CVSS estimate
Used only when a CVE has no official CVSS from its CNA or NVD. An LLM estimates the v3.1 base score from the description; a HIGH/CRITICAL estimate promotes the CVE to a Threat.
No AI estimate yet — it runs automatically once NVD has been checked, or click the button above.
European Union Vulnerability Database ENISA EUVD
ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.
- EUVD ID
-
EUVD-2026-34743
EUVD enrichment is queued; refresh the page in a few seconds.
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Chrome |
149.0.7827.53 (affected)
|
— |
Remediations (10)
-
web:cybersecuritynews.com
Microsoft released its March 2026 Patch Tuesday security update on March 10, 2026 , addressing 78 vulnerabilities across Windows, Microsoft Office, Azure, SQL Server, and .NET. The update includes one actively exploited zero-day vulnerability and multiple Critical-rated flaws demanding immediate attention from security teams. The most urgent fix this month is CVE - 2026 -21262, the sole zero-day ...
2026-06-05 12:06 UTC -
web:cybersecuritynews.com
Microsoft's May 2026 Patch Tuesday lands with a heavy enterprise focus, fixing 120 vulnerabilities across Windows, Office, Azure, developer tools, and Microsoft 365 apps, including 29 remote code execution (RCE) flaws rated Critical.
2026-06-05 12:06 UTC -
web:krebsonsecurity.com
Microsoft expects that exploitation is more likely. May's Patch Tuesday is a welcome respite from April, which saw Microsoft fix a near-record 167 security flaws.
2026-06-05 12:06 UTC -
web:portal.msrc.microsoft.com
The Security Update Guide provides information on the latest Microsoft security updates, helping users understand and address potential vulnerabilities effectively.
2026-06-05 12:06 UTC -
web:support.servicenow.com
Overview The advisories below document publicly disclosed Common Vulnerabilities and Exposures ( CVEs ) in the Now Platform by ServiceNow. Because ServiceNow uses various methods to communicate vulnerability information, patches, and other fixes, customers should review family, security patch , and hotfix release notes, which are available at https://docs.servicenow.com, for a complete list of ...
2026-06-05 12:06 UTC -
web:www.crowdstrike.com
Microsoft has released security updates for 114 vulnerabilities, including three zero-days, plus eight critical CVEs in its January 2026 Patch Tuesday rollout.
2026-06-05 12:06 UTC -
web:www.crowdstrike.com
Microsoft has released security updates for 130 vulnerabilities, including 30 critical, in its May 2026 Patch Tuesday rollout.
2026-06-05 12:06 UTC -
web:www.oracle.com
This Critical Patch Update contains 481 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at April 2026 Critical Patch Update: Executive Summary and Analysis.
2026-06-05 12:06 UTC -
web:www.thehackerwire.com
What is CVE-2026-11282 ? How do I fix or mitigate CVE-2026-11282 ? To protect against CVE-2026-11282 , you should: (1) Apply the latest security patches from the vendor, (2) Check official security advisories for specific remediation steps, (3) Update affected software to the latest version, and (4) Monitor your systems for any signs of exploitation.
2026-06-05 12:06 UTC -
web:zecurit.com
Get the complete breakdown of Microsoft's June 2026 Patch Tuesday. We analyze the latest security updates and all critical CVEs .
2026-06-05 12:06 UTC
Vendor references (2)
References embedded in the original CVE record by the assigning CNA.
Web references (0)
DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.
No web references attached yet.
AI Forensic Analysis
Only Available for Registered Users. Sign in to view.
Raw JSON
The full cvelistV5 record. Download as CVE-2026-11282.json.
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "149.0.7827.53",
"status": "affected",
"version": "149.0.7827.53",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Policy bypass",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T23:06:17.283Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/502023400"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-11282",
"datePublished": "2026-06-04T23:06:17.283Z",
"dateReserved": "2026-06-04T17:11:14.516Z",
"dateUpdated": "2026-06-04T23:06:17.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}