CVE Catalog

CVE-2026-11035

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Summary

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to version 149.0.7827.53 allowed a local attacker to perform privilege escalation via a crafted XML file.

Risk Assessment

A local attacker could exploit this vulnerability to gain elevated privileges, potentially leading to unauthorized access to user data.

Recommendation

It is recommended to update Google Chrome to version 149.0.7827.53 or later to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a crafted XML file. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS