CVE-2026-11247: Insufficient policy enforcement in Google Chrome
CVE-2026-11247 is a vulnerability in Google Chrome on Android versions prior to 149. 0. 7827. 53 involving insufficient policy enforcement in the CustomTabs feature. This flaw allows a remote attacker to leak cross-origin data through a crafted HTML page. The Chromium security team has rated this issue as low severity. There is no CVSS score available, and no explicit vendor advisory states the patch status or remediation level. The vulnerability does not appear to have known exploits in the wild at this time.
AI Analysis
Technical Summary
This vulnerability arises from insufficient enforcement of security policies within the CustomTabs component of Google Chrome on Android before version 149.0.7827.53. An attacker can exploit this weakness by crafting a malicious HTML page that causes cross-origin data leakage. The issue is recognized by the Chromium security team with a low severity rating. The vendor advisory linked does not explicitly confirm patch availability or remediation details. The affected product is Google Chrome on Android, and the vulnerability is published and assigned CVE-2026-11247.
Potential Impact
The impact is limited to potential leakage of cross-origin data via the CustomTabs feature in affected Chrome versions on Android. This could expose sensitive information from other origins to an attacker-controlled page. The Chromium security team classifies this as a low severity issue, indicating limited risk or difficulty in exploitation. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html for current remediation guidance. Users should update Google Chrome on Android to version 149.0.7827.53 or later once the update is available. Until then, no specific mitigations are detailed by the vendor.
CVE-2026-11247: Insufficient policy enforcement in Google Chrome
Description
CVE-2026-11247 is a vulnerability in Google Chrome on Android versions prior to 149. 0. 7827. 53 involving insufficient policy enforcement in the CustomTabs feature. This flaw allows a remote attacker to leak cross-origin data through a crafted HTML page. The Chromium security team has rated this issue as low severity. There is no CVSS score available, and no explicit vendor advisory states the patch status or remediation level. The vulnerability does not appear to have known exploits in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from insufficient enforcement of security policies within the CustomTabs component of Google Chrome on Android before version 149.0.7827.53. An attacker can exploit this weakness by crafting a malicious HTML page that causes cross-origin data leakage. The issue is recognized by the Chromium security team with a low severity rating. The vendor advisory linked does not explicitly confirm patch availability or remediation details. The affected product is Google Chrome on Android, and the vulnerability is published and assigned CVE-2026-11247.
Potential Impact
The impact is limited to potential leakage of cross-origin data via the CustomTabs feature in affected Chrome versions on Android. This could expose sensitive information from other origins to an attacker-controlled page. The Chromium security team classifies this as a low severity issue, indicating limited risk or difficulty in exploitation. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html for current remediation guidance. Users should update Google Chrome on Android to version 149.0.7827.53 or later once the update is available. Until then, no specific mitigations are detailed by the vendor.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-06-04T17:11:03.303Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html","vendor":"Google"}]
Threat ID: 6a220edde29bf47b50de3792
Added to database: 6/4/2026, 11:48:45 PM
Last enriched: 6/5/2026, 12:34:22 AM
Last updated: 6/5/2026, 5:00:01 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.