CVE-2026-11157
MediumCVSS 5.4Summary
In Google Chrome prior to version 149.0.7827.53, there was a script injection vulnerability in the accessibility feature. An attacker could convince a user to install a malicious extension, allowing the injection of arbitrary scripts or HTML.
Risk Assessment
This vulnerability poses a risk to users who may be exposed to malicious actions after installing unsafe extensions. It could lead to data theft or system compromise.
Recommendation
It is recommended to update Google Chrome to the latest version to mitigate this vulnerability. Users should also avoid installing unknown or suspicious extensions.
Original NVD description (English source)
Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)

