CVE-2026-10938 - Vulnerability Details

Inappropriate implementation in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Chrome

No data.

References

Link	Providers
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/502681591

History

Fri, 05 Jun 2026 03:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google chrome
Vendors & Products		Google Google chrome

Fri, 05 Jun 2026 02:15:00 +0000

Type	Values Removed	Values Added
Title		Chrome Renderer Process Attack Bypasses Site Isolation

Thu, 04 Jun 2026 23:15:00 +0000

Type	Values Removed	Values Added
Description		Inappropriate implementation in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Weaknesses		CWE-20
References		https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/502681591

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2026-06-04T23:03:46.935Z

Updated: 2026-06-04T23:03:46.935Z

Reserved: 2026-06-04T17:06:10.789Z

Link: CVE-2026-10938

Vulnrichment

No data.

NVD

Status : Undergoing Analysis

Published: 2026-06-04T23:16:56.337

Modified: 2026-06-05T15:02:34.977

Link: CVE-2026-10938

Redhat

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object