CVE-2026-11061 · Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a craf

01 · The Real Story

This is a cracked windshield in a speeding fleet car, not a self-driving pileup waiting to happen

CVE-2026-11061 is a memory-corruption flaw described as a *type confusion* issue in ANGLE, Chrome’s graphics translation layer used by WebGL and GPU-backed rendering paths. The affected population is Chrome desktop before 149.0.7827.53 on Linux and effectively before 149.0.7827.53/54 on Windows and macOS; in practice, anything below 149.0.7827.53 should be treated as exposed. A remote attacker would need to get a user onto crafted browser content that exercises the vulnerable graphics path.

Google calling this CRITICAL is understandable because browser-to-sandbox-boundary bugs are exactly the bugs offensive teams prize. But for enterprise prioritization, the vendor score overstates urgency: this is still a client-side, user-driven, build-specific exploit with no public exploitation evidence, no KEV listing, and a very low EPSS signal; reliability is also likely to vary across GPU drivers, OS builds, and rendering paths.

"Serious browser memory-corruption bug, but not a drop-everything Internet worm."

02 · The Attack Path

4 steps from start to impact.

STEP 01

Deliver malicious browser content

The attacker needs a user on a vulnerable Chrome build to load crafted content, most plausibly a malicious site or ad path that reaches WebGL/ANGLE code. The weaponized tool here is the content itself: a crafted HTML/JavaScript/WebGL page tuned to the target browser build and graphics stack.

Conditions required:

Target is running Chrome prior to 149.0.7827.53
User visits attacker-controlled or attacker-influenced web content
Relevant graphics features are reachable in the browsing session

Where this breaks in practice:

Requires user interaction rather than blind remote reachability
Web filtering, Safe Browsing, email security, and ad blocking reduce successful delivery
Attackers must care about browser version and often target profile

Detection/coverage: Network scanners will not find this. Coverage is mostly via browser version inventory, web telemetry, and phishing/ad-tech detections.

STEP 02

Reach ANGLE with crafted graphics operations

The malicious page then drives the browser into the vulnerable ANGLE path, likely through graphics-heavy API usage such as WebGL-backed rendering. The exploit tool is a browser-side memory-corruption primitive, not a commodity remote service exploit.

Conditions required:

ANGLE path is exercised on the target platform
The target GPU backend/driver combination behaves as expected for the exploit
The browser has not already been updated or restarted into a fixed build

Where this breaks in practice:

ANGLE bugs are often backend- and driver-sensitive
Crashiness is common before reliability is achieved
Some enterprise configs disable or restrict hardware acceleration for subsets of users

Detection/coverage: Browser crash telemetry and GPU-process crash spikes can be useful leading indicators, but signature-quality pre-exploit detection is weak.

STEP 03

Turn memory corruption into sandbox-boundary impact

If exploitation succeeds, the attacker abuses the type confusion to gain a meaningful primitive in or across a browser process boundary and attempt the advertised sandbox escape. This is the decisive technical step, and it is where real-world exploit reliability usually gets much harder than the CVSS number suggests.

Conditions required:

Exploit author has a reliable primitive for the specific build/platform
Target protections do not break the chain
The crafted content achieves stable corruption rather than a crash

Where this breaks in practice:

Modern Chrome, OS mitigations, and process isolation make stable exploitation materially harder
Per-platform exploit engineering raises attacker cost
A working primitive on one GPU/driver mix may fail on another

Detection/coverage: EDR may catch anomalous browser behavior, exploit-mitigation events, or suspicious child-process activity only after the exploit begins to execute.

STEP 04

Establish endpoint foothold

After a successful escape, the attacker still has to turn browser compromise into something durable on the host: credential theft, persistence, lateral movement, or follow-on execution. The weaponized tool at this phase is ordinary post-exploitation tradecraft, where endpoint controls matter much more than the browser bug label.

Conditions required:

Initial exploit lands on a user endpoint
Post-exploitation payload is not blocked
User context provides useful access

Where this breaks in practice:

EDR, application control, and least privilege contain blast radius
Non-admin user context limits host-level follow-on actions
Credential theft and persistence are noisier than initial browser exploitation

Detection/coverage: Strong EDR should detect suspicious browser child processes, injection, credential access attempts, or persistence writes far more reliably than the exploit itself.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No public evidence of active exploitation found in reviewed sources as of 2026-06-08. User-supplied intel says KEV: No; the authoritative CISA KEV catalog does not presently indicate this CVE.
Proof-of-concept availability	No credible public PoC surfaced in the reviewed primary/major sources. That is a good sign, not a safety guarantee; Chrome bug details are often restricted until patch adoption improves.
EPSS	User-supplied EPSS is 0.00035. That is extremely low and is a strong downward pressure on urgency when there is no contrary exploitation evidence. See FIRST EPSS and API.
KEV status	Not KEV-listed as of 2026-06-08 based on the current CISA catalog. No CISA due date exists.
Vendor CVSS	9.6 / CRITICAL with vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`. The important practical qualifier is `UI:R`: the attacker still needs the user to render attacker-controlled content.
Affected versions	Chrome desktop prior to 149.0.7827.53; Google release notes and downstream government advisories show fixed builds at 149.0.7827.53 for Linux and 149.0.7827.53/54 for Windows/macOS. See Chrome Releases and the Canadian Centre advisory.
Fixed versions	149.0.7827.53+ should be your operational floor; Windows/macOS also received 149.0.7827.54 in rollout. Treat anything below `.53` as vulnerable until proven otherwise.
Exposure reality	This is not meaningfully internet-scannable through Shodan/Censys/FOFA-style methods because it is a client browser flaw. Exposure is determined by endpoint fleet versioning, especially unmanaged laptops and stale VDI gold images.
Disclosure date	2026-06-04 from user-supplied intel, with downstream public advisories appearing 2026-06-02 to 2026-06-05 during rollout.
Reporter / bug detail state	Specific reporter attribution for this CVE was not recoverable from reviewed primary sources. Google notes that bug details may remain restricted until a majority of users are updated, which is standard Chrome practice.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to HIGH (8.1/10)

The single biggest downward pressure is that this is a client-side, user-driven browser exploit, not an unauthenticated service bug attackers can spray across your estate. It stays HIGH because Chrome is ubiquitous, the bug class is memory corruption in a high-value attack surface, and the claimed impact crosses an important browser containment boundary.

HIGH Affected version floor and patched build identification

MEDIUM Real-world exploitability assessment without full public bug details

HIGH No current KEV / no public active-exploitation signal in reviewed sources

Why this verdict

Start from vendor 9.6 because Chrome is massively deployed and ANGLE memory corruption sits in a prime drive-by attack surface.
Adjust down for attacker position: this is not internet-reachable server software; it requires a user endpoint running a vulnerable browser build to visit attacker-controlled content.
Adjust down for user interaction: UI:R is not cosmetic here. Delivery has to survive real-world controls like Safe Browsing, email filtering, ad blocking, and user behavior.
Adjust down for exploit engineering friction: ANGLE/GPU bugs tend to be backend-, driver-, and platform-sensitive, which narrows the fraction of fleets a single exploit works against reliably.
Adjust down for threat intel: no KEV listing, no public exploitation evidence found, and an EPSS of 0.00035 do not support a CRITICAL enterprise response.
Hold at HIGH, not MEDIUM: the advertised impact is a sandbox escape in a ubiquitous browser. If you own an endpoint team, that is still a serious patching problem.

Why not higher?

There is no credible public signal that this bug is being used in the wild right now, and the exploit path is not broadly reachable like a perimeter appliance RCE. The chain also depends on user interaction and likely on platform-specific exploit reliability across GPU stacks, which is exactly the kind of compounding friction that should pull a vendor CRITICAL down one bucket.

Why not lower?

This is still memory corruption in Chrome, one of the highest-value client targets in the enterprise. Even with exploit friction, the reachable population is large, the patch is already out, and a successful browser-to-sandbox-boundary compromise can become a real endpoint incident quickly.

05 · Compensating Control

What to do — in priority order.

Force browser update and restart — Push managed Chrome to 149.0.7827.53+ and enforce restart prompts or maintenance-window restarts. For a HIGH verdict, deploy this control within 30 days; in practice for browsers, do it much faster because version drift is the real exposure multiplier.
Quarantine stale endpoints from sensitive apps — Use device posture, MDM, NAC, or EDR policy to identify endpoints still below the fixed version and restrict access to high-value internal apps until updated. Apply this within 30 days to stop unmanaged or rarely rebooted systems from silently carrying the risk.
Reduce risky rendering surface for high-risk users — For admins, finance, execs, and research users, consider temporary Chrome policy controls such as disabling hardware acceleration or restricting WebGL where business impact is acceptable. Use it as a *targeted* risk-reduction step within 30 days, not a fleet-wide permanent answer.
Watch for browser exploit after-effects — Hunt for unusual Chrome child processes, injection into browser-related processes, sudden GPU-process crash spikes, and browser-launched credential theft behavior. Stand this monitoring up within 30 days because exploit prevention coverage is weaker than post-exploit detection.

What doesn't work

A WAF does not meaningfully help; this is a client browser bug, not a web application flaw on your server.
External attack-surface scanning does not find vulnerable endpoints because browser version exposure is an asset-inventory problem, not an internet-facing service problem.
MFA is valuable for follow-on account abuse but does nothing to stop the initial browser memory-corruption trigger.
Perimeter firewalls will not distinguish a malicious WebGL page from ordinary browsing traffic in a reliable way.

06 · Verification

Crowdsourced verification payload.

Run this on the target endpoint or via your software inventory/remote execution tool. Invoke it with python3 chrome_cve_2026_11061_check.py or python chrome_cve_2026_11061_check.py --version 149.0.7827.52; no admin rights are required unless your EDR blocks process discovery.

noisgate-verify.py

PYTHONREAD-ONLYSAFE

#!/usr/bin/env python3
# CVE-2026-11061 Chrome version check
# Exit codes:
#   0 = PATCHED
#   1 = VULNERABLE
#   2 = UNKNOWN / unable to determine

import argparse
import os
import platform
import re
import shutil
import subprocess
import sys
from pathlib import Path

FIXED = (149, 0, 7827, 53)


def parse_version(text):
    if not text:
        return None
    m = re.search(r'(\d+)\.(\d+)\.(\d+)\.(\d+)', text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def cmp_version(a, b):
    return (a > b) - (a < b)


def run_cmd(cmd):
    try:
        p = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
        out = (p.stdout or '') + '\n' + (p.stderr or '')
        return out.strip()
    except Exception:
        return ''


def detect_linux():
    candidates = [
        'google-chrome', 'google-chrome-stable', 'chromium', 'chromium-browser'
    ]
    for bin_name in candidates:
        path = shutil.which(bin_name)
        if path:
            out = run_cmd([path, '--version'])
            ver = parse_version(out)
            if ver:
                return ver, f'{bin_name} ({path})'
    return None, None


def detect_macos():
    apps = [
        '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
        str(Path.home() / 'Applications/Google Chrome.app/Contents/MacOS/Google Chrome'),
        '/Applications/Chromium.app/Contents/MacOS/Chromium'
    ]
    for app in apps:
        if os.path.exists(app):
            out = run_cmd([app, '--version'])
            ver = parse_version(out)
            if ver:
                return ver, app
    return None, None


def detect_windows():
    paths = [
        Path(os.environ.get('PROGRAMFILES', '')) / 'Google/Chrome/Application/chrome.exe',
        Path(os.environ.get('PROGRAMFILES(X86)', '')) / 'Google/Chrome/Application/chrome.exe',
        Path(os.environ.get('LOCALAPPDATA', '')) / 'Google/Chrome/Application/chrome.exe',
        Path(os.environ.get('PROGRAMFILES', '')) / 'Chromium/Application/chrome.exe',
        Path(os.environ.get('LOCALAPPDATA', '')) / 'Chromium/Application/chrome.exe',
    ]
    for p in paths:
        if p and p.exists():
            out = run_cmd([str(p), '--version'])
            ver = parse_version(out)
            if ver:
                return ver, str(p)
    return None, None


def main():
    parser = argparse.ArgumentParser(description='Check Chrome exposure to CVE-2026-11061')
    parser.add_argument('--version', help='Optional explicit version string, e.g. 149.0.7827.52')
    args = parser.parse_args()

    if args.version:
        ver = parse_version(args.version)
        source = 'user-supplied --version'
    else:
        system = platform.system().lower()
        ver = None
        source = None
        if 'linux' in system:
            ver, source = detect_linux()
        elif 'darwin' in system:
            ver, source = detect_macos()
        elif 'windows' in system:
            ver, source = detect_windows()

    if not ver:
        print('UNKNOWN - could not determine Chrome/Chromium version')
        sys.exit(2)

    print(f'Detected version: {".".join(map(str, ver))} via {source}')
    print(f'Fixed version floor: {".".join(map(str, FIXED))}')

    if cmp_version(ver, FIXED) >= 0:
        print('PATCHED')
        sys.exit(0)
    else:
        print('VULNERABLE')
        sys.exit(1)


if __name__ == '__main__':
    main()

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning, treat this as a fleet hygiene emergency, not a perimeter fire drill: inventory every managed endpoint still below 149.0.7827.53, force Chrome restarts, and isolate the laggards from sensitive apps if you cannot update them promptly. Under the noisgate mitigation SLA, compensating controls for this HIGH finding belong in place within 30 days; under the noisgate remediation SLA, the actual vendor patch belongs on all affected systems within 180 days — but because this is a browser and the fix already exists, any team that waits months is choosing avoidable exposure.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.