CVE-2026-11221

Published: Jun 4, 2026Modified: Jun 5, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

https://issues.chromium.org/issues/492211919

Source: chrome-cve-admin@google.com

Timeline

No history available yet.