CVE-2026-11250 CRITICAL

Published: 2026-06-05 | Last Modified: 2026-06-05 | Status: Received

Description

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

CVSS Metrics

Base Score: 9.6 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	REQUIRED
Scope	CHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Type: Secondary

Exploitability Score: 2.8

Impact Score: 6.0

Weaknesses

Source	Type	Description
134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	en CWE-416

References

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
Source: [email protected]
https://issues.chromium.org/issues/498281224
Source: [email protected]