CVE-2026-11252: Policy bypass in Google Chrome
CVE-2026-11252 is a vulnerability in Google Chrome prior to version 149. 0. 7827. 53 where insufficient enforcement of Content Settings policies allows a remote attacker to bypass discretionary access controls using a crafted HTML page. The issue is classified with low severity by Chromium security. There is no CVSS score provided, and no known exploits in the wild have been reported. The vendor advisory linked does not explicitly confirm patch availability or remediation status.
AI Analysis
Technical Summary
This vulnerability involves insufficient policy enforcement within the Content Settings component of Google Chrome versions before 149.0.7827.53. An attacker can craft an HTML page that bypasses discretionary access control policies, potentially allowing unauthorized actions that should be restricted by these policies. The Chromium security team has rated this issue as low severity. The vulnerability was publicly disclosed on June 4, 2026. No CVSS score or detailed technical exploitation information is provided. The vendor advisory URL points to a stable channel update announcement but does not explicitly mention this specific vulnerability's patch status.
Potential Impact
The impact is a policy bypass that could allow a remote attacker to circumvent discretionary access controls in Chrome's Content Settings. This could lead to unauthorized access or actions that are normally restricted by user or administrator policies. However, the severity is considered low by the vendor, and no active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability affects Chrome versions prior to 149.0.7827.53, updating to version 149.0.7827.53 or later is advisable if the vendor advisory confirms the fix in that release. Monitor official Google Chrome release notes for explicit confirmation of remediation.
CVE-2026-11252: Policy bypass in Google Chrome
Description
CVE-2026-11252 is a vulnerability in Google Chrome prior to version 149. 0. 7827. 53 where insufficient enforcement of Content Settings policies allows a remote attacker to bypass discretionary access controls using a crafted HTML page. The issue is classified with low severity by Chromium security. There is no CVSS score provided, and no known exploits in the wild have been reported. The vendor advisory linked does not explicitly confirm patch availability or remediation status.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves insufficient policy enforcement within the Content Settings component of Google Chrome versions before 149.0.7827.53. An attacker can craft an HTML page that bypasses discretionary access control policies, potentially allowing unauthorized actions that should be restricted by these policies. The Chromium security team has rated this issue as low severity. The vulnerability was publicly disclosed on June 4, 2026. No CVSS score or detailed technical exploitation information is provided. The vendor advisory URL points to a stable channel update announcement but does not explicitly mention this specific vulnerability's patch status.
Potential Impact
The impact is a policy bypass that could allow a remote attacker to circumvent discretionary access controls in Chrome's Content Settings. This could lead to unauthorized access or actions that are normally restricted by user or administrator policies. However, the severity is considered low by the vendor, and no active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability affects Chrome versions prior to 149.0.7827.53, updating to version 149.0.7827.53 or later is advisable if the vendor advisory confirms the fix in that release. Monitor official Google Chrome release notes for explicit confirmation of remediation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-06-04T17:11:05.166Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html","vendor":"Google"}]
Threat ID: 6a220edde29bf47b50de37a7
Added to database: 6/4/2026, 11:48:45 PM
Last enriched: 6/5/2026, 12:34:01 AM
Last updated: 6/5/2026, 4:59:01 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.