--:--:--UTC

Searching APEX

Starting…

  1. Searching Threats, IOCs & Threat Intelligence locally
  2. Querying external providers
  3. Asking AI Forensic Validator
  4. Creating new entry from validated hit

0s elapsed

CVE-2026-11301

📛 CVE Title

CVE-2026-11301

⬇ Download JSON

Description

Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromium security severity: Low)

Overview

State
PUBLISHED
Assigner (CNA)
Chrome
CVSS severity
CVSS score
CVSS vector
Effective score
no score available from CNA, NVD, or AI yet
CWE(s)
CWE-125
Reserved
2026-06-04
Published
2026-06-04 23:06 UTC
Last updated
2026-06-04 23:06 UTC
Source
https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/11xxx/CVE-2026-11301.json

AI-forensic CVSS estimate

Used only when a CVE has no official CVSS from its CNA or NVD. An LLM estimates the v3.1 base score from the description; a HIGH/CRITICAL estimate promotes the CVE to a Threat.

No AI estimate yet — it runs automatically once NVD has been checked, or click the button above.

European Union Vulnerability Database ENISA EUVD

ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.

EUVD ID
EUVD-2026-34762

EUVD enrichment is queued; refresh the page in a few seconds.

Affected products (1)
VendorProductVersionsPlatforms
Google Chrome 149.0.7827.53 (affected)

Remediations (10)

  • Update Software, Mitigation M1051 - Enterprise | MITRE ATT&CK®
    web:attack.mitre.org

    WSUS: Manage and deploy Microsoft updates across the organization. ManageEngine Patch Manager Plus: Automate patch deployment for OS and third-party apps. Ansible: Automate updates across multiple platforms, including Linux and Windows. Vulnerability Scanning Tools: OpenVAS: Open-source vulnerability scanning to identify missing patches.

    2026-06-05 12:05 UTC
  • Mitigate RedSun Zero-Day Without A Patch | Qualys
    web:blog.qualys.com

    Key Takeaways RedSun is a critical zero-day vulnerability in Microsoft Defender that allows low-privileged users to gain SYSTEM access No patch is currently available, leaving all Defender-enabled Windows systems potentially exposed Qualys VMDR detects affected assets instantly (QID 92382) TruRisk™ Eliminate enables immediate mitigation , removing exploitability without waiting for a fix ...

    2026-06-05 12:05 UTC
  • Microsoft Patch Tuesday April 2026 - 168 Vulnerabilities Fixed ...
    web:cybersecuritynews.com

    Microsoft has released its April 2026 Patch Tuesday security update, addressing 168 vulnerabilities across its product portfolio including one actively exploited zero-day and one publicly disclosed flaw that organizations must prioritize immediately.

    2026-06-05 12:05 UTC
  • Patch Tuesday, April 2026 Edition - Krebs on Security
    web:krebsonsecurity.com

    For a clickable, per- patch breakdown, check out the SANS Internet Storm Center Patch Tuesday roundup. Running into problems applying any of these updates?

    2026-06-05 12:05 UTC
  • Security Update Guide - Microsoft
    web:msrc.microsoft.com

    The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and provides the information here as part of the ongoing effort to help you manage security risks and help keep your systems protected.

    2026-06-05 12:05 UTC
  • Cisco Unified Communications Manager Server-Side Request Forgery ...
    web:sec.cloudapps.cisco.com

    A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit ...

    2026-06-05 12:05 UTC
  • Patch Tuesday Vulnerability Insights - Action1
    web:www.action1.com

    This Patch Tuesday, Microsoft fixed a total of 74 vulnerabilities, nine critical fixes, and two zero-days. Explore this issue also for updates about fixes for Microsoft Office and Intel Processors in Windows OS fixes, TPM 2.0, Google Chrome, Jenkins, Veeam and Android.

    2026-06-05 12:05 UTC
  • April 2026 Patch Tuesday: Updates and Analysis | CrowdStrike
    web:www.crowdstrike.com

    Microsoft's April 2026 Patch Tuesday addresses 164 CVEs , featuring 8 Critical vulnerabilities, one exploited zero-day, and one disclosed zero-day.

    2026-06-05 12:05 UTC
  • Oracle Critical Patch Update Advisory - April 2026
    web:www.oracle.com

    Customers are strongly advised to apply the April 2026 Critical Patch Update for Fusion Middleware products, which includes patches for this Alert as well as additional patches. Affected Products and Patch Information Security vulnerabilities addressed by this Critical Patch Update affect the products listed below.

    2026-06-05 12:05 UTC
  • Vulnerability Remediation vs. Mitigation: What are the Differences ...
    web:www.secure.com

    Remediation fully removes a vulnerability by fixing its root cause — through a patch , code fix , or system replacement. Mitigation reduces the risk of exploitation without removing the flaw itself, using controls like network segmentation or access restrictions.

    2026-06-05 12:05 UTC

Vendor references (2)

References embedded in the original CVE record by the assigning CNA.

Web references (0)

DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.

No web references attached yet.

AI Forensic Analysis

Only Available for Registered Users. Sign in to view.

Raw JSON

The full cvelistV5 record. Download as CVE-2026-11301.json.

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "149.0.7827.53",
              "status": "affected",
              "version": "149.0.7827.53",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromium security severity: Low)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out of bounds read",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T23:06:25.156Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
        },
        {
          "url": "https://issues.chromium.org/issues/504180386"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-11301",
    "datePublished": "2026-06-04T23:06:25.156Z",
    "dateReserved": "2026-06-04T17:11:20.269Z",
    "dateUpdated": "2026-06-04T23:06:25.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}