--:--:--UTC

Searching APEX

Starting…

  1. Searching Threats, IOCs & Threat Intelligence locally
  2. Querying external providers
  3. Asking AI Forensic Validator
  4. Creating new entry from validated hit

0s elapsed

CVE-2026-11308

📛 CVE Title

CVE-2026-11308

⬇ Download JSON

Description

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)

Overview

State
PUBLISHED
Assigner (CNA)
Chrome
CVSS severity
CVSS score
CVSS vector
Effective score
no score available from CNA, NVD, or AI yet
CWE(s)
Reserved
2026-06-04
Published
2026-06-04 23:06 UTC
Last updated
2026-06-04 23:06 UTC
Source
https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/11xxx/CVE-2026-11308.json

NVD triage scoring NVD CVE 2.0

Layer NVD adds on top of the CNA's CVE record — published / last-modified timestamps, exploitability / impact subscores, and the FIRST.org EPSS probability that this CVE will be exploited in the wild in the next 30 days.

NVD published
2026-06-05 00:17:08 UTC
NVD last modified
2026-06-05 00:17:08 UTC

NVD / KEV / EPSS data refreshed 2026-06-05 09:25 UTC. Re-run the 🛰 Backfill from NVD button above to refresh.

AI-forensic CVSS estimate

Used only when a CVE has no official CVSS from its CNA or NVD. An LLM estimates the v3.1 base score from the description; a HIGH/CRITICAL estimate promotes the CVE to a Threat.

No AI estimate yet — it runs automatically once NVD has been checked, or click the button above.

European Union Vulnerability Database ENISA EUVD

ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.

EUVD ID
EUVD-2026-34769

EUVD enrichment is queued; refresh the page in a few seconds.

Affected products (1)
VendorProductVersionsPlatforms
Google Chrome 149.0.7827.53 (affected)

Remediations (10)

  • CVE-2026-11308 - Vulnerability Details - OpenCVE
    web:app.opencve.io

    Inappropriate implementation in Extensions in Google Chrome prior to 149..7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)

    2026-06-05 11:25 UTC
  • CVE-2026-11308 - GitHub Advisory Database
    web:github.com

    Unreviewed Published Jun 5, 2026 to the GitHub Advisory Database • Updated Jun 5, 2026

    2026-06-05 11:25 UTC
  • Patch Tuesday, May 2026 Edition - Krebs on Security
    web:krebsonsecurity.com

    Microsoft expects that exploitation is more likely. May's Patch Tuesday is a welcome respite from April, which saw Microsoft fix a near-record 167 security flaws.

    2026-06-05 11:25 UTC
  • CVE-2026-11308 - vulmon.com
    web:vulmon.com

    Vulnerability details of CVE-2026-11308 CVE-2026-11308 - Privilege Escalation in Google Chrome Extensions Prior to 149..7827.53

    2026-06-05 11:25 UTC
  • CVE-2026-11308 - vulnerability database | Vulners.com
    web:vulners.com

    Vulners Cve CVE-2026-11308 CVE-2026-11308 🗓️ 04 Jun 2026 23:06:27 Reported by Chrome Type cve 🔗 www. cve .org 👁 1 Views

    2026-06-05 11:25 UTC
  • January 2026 Patch Tuesday: Updates and Analysis | CrowdStrike
    web:www.crowdstrike.com

    Microsoft has released security updates for 114 vulnerabilities, including three zero-days, plus eight critical CVEs in its January 2026 Patch Tuesday rollout.

    2026-06-05 11:25 UTC
  • March 2026 Patch Tuesday: Updates and Analysis | CrowdStrike
    web:www.crowdstrike.com

    Microsoft's March 2026 Patch Tuesday addresses 82 CVEs , featuring eight Critical vulnerabilities.

    2026-06-05 11:25 UTC
  • Oracle Critical Patch Update Advisory - April 2026
    web:www.oracle.com

    This Critical Patch Update contains 481 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at April 2026 Critical Patch Update: Executive Summary and Analysis.

    2026-06-05 11:25 UTC
  • CVE-2026-11308 | Tenable®
    web:www.tenable.com

    Inappropriate implementation in Extensions in Google Chrome prior to 149..7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)

    2026-06-05 11:25 UTC
  • CVE-2026-11308 - Info Vulnerability - TheHackerWire
    web:www.thehackerwire.com

    How do I fix or mitigate CVE-2026-11308 ? To protect against CVE-2026-11308 , you should: (1) Apply the latest security patches from the vendor, (2) Check official security advisories for specific remediation steps, (3) Update affected software to the latest version, and (4) Monitor your systems for any signs of exploitation.

    2026-06-05 11:25 UTC

Vendor references (2)

References embedded in the original CVE record by the assigning CNA.

MITRE references (2) cveawg.mitre.org

Pulled from MITRE's CVE Services API by the 🛰 Backfill from MITRE button.

Web references (0)

DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.

No web references attached yet.

NVD-tagged references (2)

Reference list NVD curates from the CNA record, vendor advisories, and third-party reports. The tag chips below are NVD's analyst-assigned categories.

AI Forensic Analysis

Only Available for Registered Users. Sign in to view.

Raw JSON

The full cvelistV5 record. Download as CVE-2026-11308.json.

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "149.0.7827.53",
              "status": "affected",
              "version": "149.0.7827.53",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Inappropriate implementation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T23:06:27.943Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
        },
        {
          "url": "https://issues.chromium.org/issues/505945112"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-11308",
    "datePublished": "2026-06-04T23:06:27.943Z",
    "dateReserved": "2026-06-04T17:11:22.367Z",
    "dateUpdated": "2026-06-04T23:06:27.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}