CVE-2026-11296

Description

Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

Overview

State: PUBLISHED
Assigner (CNA): Chrome
CVSS severity: —
CVSS score: —
CVSS vector: —
Effective score: no score available from CNA, NVD, or AI yet
CWE(s): —
Reserved: 2026-06-04
Published: 2026-06-04 23:06 UTC
Last updated: 2026-06-04 23:06 UTC
Source: https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/11xxx/CVE-2026-11296.json

AI-forensic CVSS estimate

Used only when a CVE has no official CVSS from its CNA or NVD. An LLM estimates the v3.1 base score from the description; a HIGH/CRITICAL estimate promotes the CVE to a Threat.

No AI estimate yet — it runs automatically once NVD has been checked, or click the button above.

European Union Vulnerability Database ENISA EUVD

ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.

EUVD ID: EUVD-2026-34757

EUVD enrichment is queued; refresh the page in a few seconds.

Affected products (1)

Vendor	Product	Versions	Platforms
Google	Chrome	`149.0.7827.53` (affected)	—

Remediations (10)

RHSB-2026-003 Networking subsystem Privilege Escalation - Linux Kernel ...

web:access.redhat.com

The mitigation methods below address both vulnerabilities that affect Red Hat products — CVE - 2026 -43284 (IPsec ESP) and CVE - 2026 -46300 (XFRM ESP-in-TCP). CVE - 2026 -43500 (rxrpc) does not affect Red Hat products and requires no mitigation .

2026-06-05 12:05 UTC
[Updates] Patch Notes Version 1.07.00 | Crimson Desert

web:crimsondesert.pearlabyss.com

Updates Patch Notes Version 1.07.00 May 15, 2026 , 04:11 (UTC) Fellow Greymanes, Here are the fixes and improvements that have been added this patch .

2026-06-05 12:05 UTC
Pennsylvania Access To Criminal History - pa

web:epatch.pa.gov

Access Pennsylvania's criminal history records for employment, volunteering, or personal use through the state's online system.

2026-06-05 12:05 UTC
GitHub - ThirteenAG/GTAIV.EFLC.FusionFix: This project aims to fix or ...

web:github.com

This project aims to fix or address some issues in Grand Theft Auto IV: The Complete Edition - ThirteenAG/GTAIV.EFLC.FusionFix

2026-06-05 12:05 UTC
Patch 7.5 Notes | FINAL FANTASY XIV, The Lodestone

web:na.finalfantasyxiv.com

We are proud to present the patch notes for Trail to the Heavens, which sees the Warrior of Light and their companions begin to unravel the mysteries of the key. This patch also f

2026-06-05 12:05 UTC
Patch - Everything Local: Breaking News, Events, Discussions

web:patch.com

The best breaking news, stories, and events from the Patch network of local news sites

2026-06-05 12:05 UTC
Living With a Little Fox Girl - saikeystudios.com

web:saikeystudios.com

Care for a local shrine and befriend Mao, the fox girl who lives there. In this light-hearted simulation game, you'll have 30 days to balance your time between your tasks and building a relationship…

2026-06-05 12:05 UTC
Northern Roads Patch Collection - Nexus Mods

web:www.nexusmods.com

A collection of compatibility patches for JPSteel's Northern Roads.

2026-06-05 12:05 UTC
FL26 update 2.20 release notes - SmokePatch

web:www.pessmokepatch.com

SmokePatch Football Life: Download the latest version free for PC. updated rosters and content, enhanced graphics, and simulation gameplay.

2026-06-05 12:05 UTC
Synonyms and Antonyms of Words | Thesaurus.com

web:www.thesaurus.com

"Ain't I a Woman?" Looking to grow your vocabulary? Check out this interactive, curated word list from our team of English language specialists at Vocabulary.com - one of over 1

2026-06-05 12:05 UTC

Vendor references (2)

References embedded in the original CVE record by the assigning CNA.

Web references (0)

DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.

No web references attached yet.

AI Forensic Analysis

Only Available for Registered Users. Sign in to view.

Raw JSON

The full cvelistV5 record. Download as CVE-2026-11296.json.

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "149.0.7827.53",
              "status": "affected",
              "version": "149.0.7827.53",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Inappropriate implementation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T23:06:23.070Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
        },
        {
          "url": "https://issues.chromium.org/issues/502493950"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-11296",
    "datePublished": "2026-06-04T23:06:23.070Z",
    "dateReserved": "2026-06-04T17:11:18.625Z",
    "dateUpdated": "2026-06-04T23:06:23.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}