--:--:--UTC

Searching APEX

Starting…

  1. Searching Threats, IOCs & Threat Intelligence locally
  2. Querying external providers
  3. Asking AI Forensic Validator
  4. Creating new entry from validated hit

0s elapsed

CVE-2026-11298

📛 CVE Title

CVE-2026-11298

⬇ Download JSON

Description

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Overview

State
PUBLISHED
Assigner (CNA)
Chrome
CVSS severity
CVSS score
CVSS vector
Effective score
no score available from CNA, NVD, or AI yet
CWE(s)
Reserved
2026-06-04
Published
2026-06-04 23:06 UTC
Last updated
2026-06-04 23:06 UTC
Source
https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/11xxx/CVE-2026-11298.json

AI-forensic CVSS estimate

Used only when a CVE has no official CVSS from its CNA or NVD. An LLM estimates the v3.1 base score from the description; a HIGH/CRITICAL estimate promotes the CVE to a Threat.

No AI estimate yet — it runs automatically once NVD has been checked, or click the button above.

European Union Vulnerability Database ENISA EUVD

ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.

EUVD ID
EUVD-2026-34759

EUVD enrichment is queued; refresh the page in a few seconds.

Affected products (1)
VendorProductVersionsPlatforms
Google Chrome 149.0.7827.53 (affected)

Remediations (0)

No remediations stored yet — an automatic web search has been queued to a collection agent. Please wait while we search for remediations… this page reloads automatically when results arrive.

Vendor references (2)

References embedded in the original CVE record by the assigning CNA.

Web references (0)

DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.

No web references attached yet.

AI Forensic Analysis

Only Available for Registered Users. Sign in to view.

Raw JSON

The full cvelistV5 record. Download as CVE-2026-11298.json.

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "149.0.7827.53",
              "status": "affected",
              "version": "149.0.7827.53",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient policy enforcement",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T23:06:23.887Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
        },
        {
          "url": "https://issues.chromium.org/issues/502503860"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-11298",
    "datePublished": "2026-06-04T23:06:23.887Z",
    "dateReserved": "2026-06-04T17:11:19.203Z",
    "dateUpdated": "2026-06-04T23:06:23.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}