CVE-2026-11238

Published: Jun 5, 2026Modified: Jun 5, 2026

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Low)

Affected (1)

Products: Google: Chrome

1 product

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 149.0.7827.53

Running on/with	Platform Versions
Apple Macos	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

Vendor Advisory

https://issues.chromium.org/issues/496705691

Source: chrome-cve-admin@google.com

Permissions Required

Timeline

No history available yet.