CVE-2026-11241

8.0 HIGH

Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segme...

Published: 2026-06-05 · Last updated: 2026-06-05

Severity and scoring

CVSS: 8.0 HIGH
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-20

Affected products

Vendor	Product
google	chrome

Description

Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-11241
[Vendor advisory]https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
[Other]https://issues.chromium.org/issues/497203741

Related CVEs

Same vendor

CVE-2026-11701 — Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via ... (5.4 MEDIUM)
CVE-2026-11700 — Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to ... (8.3 HIGH)
CVE-2026-11699 — Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corrupt... (8.8 HIGH)
CVE-2026-11698 — Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corrupt... (8.8 HIGH)
CVE-2026-11697 — Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perfor... (9.6 CRITICAL)

Same CWE

CVE-2026-47370 — A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain... (9.9 CRITICAL)
CVE-2026-47369 — A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain... (9.9 CRITICAL)
CVE-2026-47367 — A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Ent... (9.9 CRITICAL)
CVE-2026-12034 — Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote at... (8.3 HIGH)
CVE-2026-12025 — Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromi... (5.3 MEDIUM)