--:--:--UTC

Searching APEX

Starting…

  1. Searching Threats, IOCs & Threat Intelligence locally
  2. Querying external providers
  3. Asking AI Forensic Validator
  4. Creating new entry from validated hit

0s elapsed

CVE-2026-11286

📛 CVE Title

CVE-2026-11286

⬇ Download JSON

Description

Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Overview

State
PUBLISHED
Assigner (CNA)
Chrome
CVSS severity
CVSS score
CVSS vector
Effective score
no score available from CNA, NVD, or AI yet
CWE(s)
CWE-20
Reserved
2026-06-04
Published
2026-06-04 23:06 UTC
Last updated
2026-06-04 23:06 UTC
Source
https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/11xxx/CVE-2026-11286.json

NVD triage scoring NVD CVE 2.0

Layer NVD adds on top of the CNA's CVE record — published / last-modified timestamps, exploitability / impact subscores, and the FIRST.org EPSS probability that this CVE will be exploited in the wild in the next 30 days.

NVD published
2026-06-05 00:17:06 UTC
NVD last modified
2026-06-05 00:17:06 UTC

NVD / KEV / EPSS data refreshed 2026-06-05 00:38 UTC. Re-run the 🛰 Backfill from NVD button above to refresh.

AI-forensic CVSS estimate

Used only when a CVE has no official CVSS from its CNA or NVD. An LLM estimates the v3.1 base score from the description; a HIGH/CRITICAL estimate promotes the CVE to a Threat.

No AI estimate yet — it runs automatically once NVD has been checked, or click the button above.

European Union Vulnerability Database ENISA EUVD

ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.

EUVD ID
EUVD-2026-34747

EUVD enrichment is queued; refresh the page in a few seconds.

Affected products (1)
VendorProductVersionsPlatforms
Google Chrome 149.0.7827.53 (affected)

Remediations (10)

  • Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review
    web:blog.qualys.com

    May 2026's Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy…

    2026-06-05 02:38 UTC
  • Microsoft Patch Tuesday May 2026 - 120 Vulnerabilities Fixed, Including ...
    web:cybersecuritynews.com

    Microsoft's May 2026 Patch Tuesday lands with a heavy enterprise focus, fixing 120 vulnerabilities across Windows, Office, Azure, developer tools, and Microsoft 365 apps, including 29 remote code execution (RCE) flaws rated Critical.

    2026-06-05 02:38 UTC
  • Microsoft's May 2026 Patch Tuesday - Hive Pro
    web:hivepro.com

    Summary Microsoft's May 2026 Patch Tuesday security update addresses 137 critical vulnerabilities across the Microsoft product ecosystem, representing a significant security update for enterprise and consumer environments.

    2026-06-05 02:38 UTC
  • Security Update Guide - Microsoft
    web:msrc.microsoft.com

    The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and provides the information here as part of the ongoing effort to help you manage security risks and help keep your systems protected.

    2026-06-05 02:38 UTC
  • Portal for ArcGIS Security 2026 Update 1 Patch - Esri Support
    web:support.esri.com

    The C version of this patch also includes additional bug fixes not related to security, refer to the updated Issues Addressed with this Patch section for the latest details. April 20, 2026 : The 11.4 version of the Portal for ArcGIS Security 2026 Update 1 Patch is now available.

    2026-06-05 02:38 UTC
  • Oracle Critical Patch Update Advisory - April 2026
    web:www.oracle.com

    This Critical Patch Update contains 481 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at April 2026 Critical Patch Update: Executive Summary and Analysis.

    2026-06-05 02:38 UTC
  • Patch Tuesday May 2026 - PDQ
    web:www.pdq.com

    May 2026 Patch Tuesday is here, and PDQ is back with another recap. Will we see another month of increased CVE volume? Is AI to blame? Dive in to learn more.

    2026-06-05 02:38 UTC
  • VirusTotal - Home
    web:www.virustotal.com

    VirusTotal is a platform for scanning files and URLs for viruses, malware, and other threats using multiple antivirus engines.

    2026-06-05 02:38 UTC
  • Windows 11 April 2026 Update tested: What's new, improved and fixed
    web:www.windowslatest.com

    Windows 11 April 2026 update adds Narrator Copilot support, faster Settings, File Explorer fixes, and key security improvements.

    2026-06-05 02:38 UTC
  • Patch Tuesday June 2026: Security Updates & CVE Analysis
    web:zecurit.com

    Get the complete breakdown of Microsoft's June 2026 Patch Tuesday. We analyze the latest security updates and all critical CVEs .

    2026-06-05 02:38 UTC

Vendor references (2)

References embedded in the original CVE record by the assigning CNA.

MITRE references (2) cveawg.mitre.org

Pulled from MITRE's CVE Services API by the 🛰 Backfill from MITRE button.

Web references (0)

DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.

No web references attached yet.

NVD-tagged references (2)

Reference list NVD curates from the CNA record, vendor advisories, and third-party reports. The tag chips below are NVD's analyst-assigned categories.

AI Forensic Analysis

Only Available for Registered Users. Sign in to view.

Raw JSON

The full cvelistV5 record. Download as CVE-2026-11286.json.

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "149.0.7827.53",
              "status": "affected",
              "version": "149.0.7827.53",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Insufficient validation of untrusted input",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T23:06:18.874Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
        },
        {
          "url": "https://issues.chromium.org/issues/502110170"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-11286",
    "datePublished": "2026-06-04T23:06:18.874Z",
    "dateReserved": "2026-06-04T17:11:15.848Z",
    "dateUpdated": "2026-06-04T23:06:18.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}