CVE-2026-11284
📛 CVE Title
CVE-2026-11284
Description
Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Overview
- State
- PUBLISHED
- Assigner (CNA)
- Chrome
- CVSS severity
- —
- CVSS score
- —
- CVSS vector
- —
- Effective score
- no score available from CNA, NVD, or AI yet
- CWE(s)
-
CWE-1300 - Reserved
- 2026-06-04
- Published
- 2026-06-04 23:06 UTC
- Last updated
- 2026-06-04 23:06 UTC
- Source
- https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/11xxx/CVE-2026-11284.json
AI-forensic CVSS estimate
Used only when a CVE has no official CVSS from its CNA or NVD. An LLM estimates the v3.1 base score from the description; a HIGH/CRITICAL estimate promotes the CVE to a Threat.
No AI estimate yet — it runs automatically once NVD has been checked, or click the button above.
European Union Vulnerability Database ENISA EUVD
ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.
- EUVD ID
-
EUVD-2026-34745
EUVD enrichment is queued; refresh the page in a few seconds.
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Chrome |
149.0.7827.53 (affected)
|
— |
Remediations (10)
-
web:access.redhat.com
The mitigation methods below address both vulnerabilities that affect Red Hat products — CVE - 2026 -43284 (IPsec ESP) and CVE - 2026 -46300 (XFRM ESP-in-TCP). CVE - 2026 -43500 (rxrpc) does not affect Red Hat products and requires no mitigation .
2026-06-05 12:06 UTC -
web:blog.qualys.com
RedSun is a zero-day LPE in Microsoft Defender with no patch available. Learn how to detect and mitigate it instantly using Qualys VMDR and TruRisk™ Eliminate.
2026-06-05 12:06 UTC -
web:blog.qualys.com
Microsoft has rolled out its March 2026 Patch Tuesday updates, delivering a fresh batch of security fixes designed to keep Windows environments protected from emerging threats.
2026-06-05 12:06 UTC -
web:cyberpress.org
Microsoft's January 2026 Patch Tuesday release delivers fixes for 114 security vulnerabilities across its product ecosystem, including three zero-day flaws that require immediate attention from enterprise security teams. The substantial update addresses critical remote code execution vulnerabilities in core Windows services and Office applications, with particular emphasis on privilege ...
2026-06-05 12:06 UTC -
web:epatch.pa.gov
Why does PATCH exist? Its purpose is to better enable the public to obtain criminal history record checks. The repository was created and is maintained in accordance with Pennsylvania's Criminal History Information Act contained in Chapter 91 of Title 18, Crimes Code. This Act also directs the Pennsylvania State Police (PSP) to disseminate criminal history data to criminal justice agencies ...
2026-06-05 12:06 UTC -
web:patch.com
Elmhurst Latest Headlines: I-290 Closed As Bomb Squad Investigates: TV Station; Elmhurst Boy Wins Home Run Derby In Iowa; Want To Connect With Your Town? Advertise On Patch !
2026-06-05 12:06 UTC -
web:techcommunity.microsoft.com
Exchange Online is not impacted by this vulnerability. Mitigations Option 1 (recommended): Exchange Emergency Mitigation (EM) Service For customers who have the Exchange EM Service enabled, Microsoft released the automatic mitigation for Exchange Server 2016, 2019 and SE. The mitigation is already published and is enabled automatically.
2026-06-05 12:06 UTC -
web:www.cve.org
At cve .org, we provide the authoritative reference method for publicly known information-security vulnerabilities and exposures
2026-06-05 12:06 UTC -
web:www.leagueoflegends.com
League of Legends Patch 26.5 Notes Welcome to the official patch of First Stand, the first major international tournament of the year!
2026-06-05 12:06 UTC -
web:www.romhacking.net
Add temporary header() Patch file: Apply patch Original ROM: Modified ROM: Patch type: IPS BPS PPF UPS APS RUP Create patch Settings Rom Patcher JS v2.9 by Marc Robledo See on GitHub Donate Language English Français Deutsch Italiano Español Nederlands Svenska Català Valencià Português Brasileiro Russian 日本語 中文(简体) 中文 ...
2026-06-05 12:06 UTC
Vendor references (2)
References embedded in the original CVE record by the assigning CNA.
Web references (0)
DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.
No web references attached yet.
AI Forensic Analysis
Only Available for Registered Users. Sign in to view.
Raw JSON
The full cvelistV5 record. Download as CVE-2026-11284.json.
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "149.0.7827.53",
"status": "affected",
"version": "149.0.7827.53",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1300",
"description": "Side-channel information leakage",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T23:06:18.114Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/502073069"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-11284",
"datePublished": "2026-06-04T23:06:18.114Z",
"dateReserved": "2026-06-04T17:11:15.167Z",
"dateUpdated": "2026-06-04T23:06:18.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}