CVE-2026-11063 · Insufficient validation of untrusted input in WebNN in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had com

01 · The Real Story

This is a trapdoor inside an unfinished side room, not the front door to your fleet

Google lists CVE-2026-11063 as Medium in the Chrome 149 desktop release notes, describing it only as *insufficient validation of untrusted input in WebNN*; the affected range is Chrome on Windows prior to 149.0.7827.53/54. The user-supplied CVSS text implies a far worse outcome, but the public vendor note does not describe this like a default-reachable, whole-browser RCE. Based on the truncated wording you supplied and common Chrome advisory phrasing, this likely sits in a post-renderer / privileged-process path rather than a clean one-click browser takeover.

The vendor-severity story in public sources does not match the 9.6 baseline you supplied: Google itself shipped this bug in the Medium bucket, not the Critical bucket. That downgrade makes sense in practice because the chain appears to require more than 'visit page, get owned': it is Windows-only, tied to WebNN, and WebNN exposure in enterprise Stable populations is much narrower than ordinary Blink/V8 attack surface.

"Paper-CRITICAL, real-world LOW: narrow Windows-only WebNN exposure and likely post-renderer chaining kill the urgency."

02 · The Attack Path

4 steps from start to impact.

STEP 01

Find a host where WebNN is actually reachable

The attacker needs a Windows Chrome target running a vulnerable build before 149.0.7827.53/54. More importantly, the WebNN surface must be exposed to the page, which in real deployments is far less universal than core browser surfaces and may depend on experimental feature enablement or trial exposure.

Conditions required:

Victim is on Windows
Chrome version is older than 149.0.7827.53/54
WebNN is reachable in that browser context

Where this breaks in practice:

Windows-only bug immediately removes macOS/Linux/Android fleet share
WebNN is not the same as core HTML/JS parsing; exposed population is materially smaller
Enterprise users rarely enable experimental browser features at scale

Detection/coverage: Version scanners can find old Chrome builds, but they usually cannot prove WebNN is exposed for the specific user/browser context.

STEP 02

Land malicious web content

The attacker still needs the victim to load a crafted page or embedded content that exercises the WebNN API path. This is standard browser delivery, but it is not enough by itself if the feature is unavailable in that runtime.

Conditions required:

Victim browses to attacker-controlled content
The page can invoke the relevant WebNN path

Where this breaks in practice:

User interaction is still in the chain per the supplied CVSS vector
Secure web gateways, DNS filtering, and browser isolation can reduce exposure to attacker-hosted pages

Detection/coverage: Network controls may log delivery, but there is no reliable perimeter signature for a browser-internal logic flaw like this.

STEP 03

Trigger the WebNN validation flaw

The crafted page feeds malicious input into the WebNN implementation and attempts to cross from renderer-controlled input into a more privileged execution path. Based on the wording fragment you supplied, the practical security value is likely as a chain component rather than a standalone exploit primitive.

Conditions required:

The specific vulnerable WebNN code path is hit
The malformed inputs survive earlier validation

Where this breaks in practice:

Google categorized the issue as Medium, which strongly suggests constrained exploitability or limited reachable impact
Issue details remain restricted, which means public weaponization is not obvious today

Detection/coverage: EDR generally sees the browser process tree, not the logical browser API misuse that causes the flaw.

STEP 04

Convert bug impact into meaningful compromise

To matter operationally, the attacker must turn the flaw into something durable: sandbox escape, code execution in a privileged process, or data theft with practical value. That is the decisive friction point. A browser-chain-only primitive on a niche surface is not the same as a fleet-wide pre-auth server RCE.

Conditions required:

Exploit reliability on real Windows hardware/browser builds
A useful post-trigger impact beyond a crash or bounded corruption

Where this breaks in practice:

Post-compromise chaining assumptions sharply reduce real-world prevalence
Browser sandboxing, CFG/CET, and modern exploit mitigations raise cost
No public exploitation evidence or KEV pressure

Detection/coverage: Behavioral EDR may catch follow-on payload execution if the bug is weaponized successfully, but not the root bug itself.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No public evidence of active exploitation found; not in CISA KEV as of 2026-06-05.
Public PoC	No public PoC located. Public Chromium bug details appear restricted, which slows copy-paste weaponization.
EPSS	`0.00043` from the user-supplied intel; percentile was not provided, but the score itself is near floor.
KEV status	Not listed in the CISA KEV catalog.
Vendor severity reality check	Google's Chrome 149 desktop release note labels CVE-2026-11063 as Medium, which materially undercuts the supplied `9.6 Critical` baseline.
CVSS vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H` implies a one-click internet-reachable full-compromise story, but that looks overstated for the publicly described WebNN bug.
Affected versions	Chrome on Windows before `149.0.7827.53/54`.
Fixed version	Desktop Stable moved to `149.0.7827.53/54` for Windows/Mac on 2026-06-02. No distro-backport concept applies here like a server package.
Exposure population	This is client-side browser code, so Shodan/Censys/FOFA exposure counts are not meaningful. The real exposure question is endpoint inventory plus whether WebNN is reachable in-browser.
Disclosure / reporter	Publicly disclosed 2026-06-04. Google's release note credits this issue to Google and shows report date 2026-04-02.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to LOW (3.4/10)

The single biggest downgrade factor is reachability: this is a Windows-only WebNN bug on a comparatively niche browser surface, not a default-front-door flaw in core browsing code. The second factor is chain complexity: the supplied wording strongly suggests this is useful mainly as a post-renderer exploit step, and there is no active exploitation evidence pushing urgency back up.

HIGH Google publicly treated the bug as Medium rather than Critical

MEDIUM Real-world exposure is narrow because WebNN reachability in enterprise Chrome populations is limited

HIGH No KEV listing and no public exploitation evidence at time of assessment

Why this verdict

Major downward adjustment: likely post-compromise prerequisite — the supplied description fragment reads like Chrome's standard *'attacker who had compromised the renderer process'* wording, which means this is probably a chain component, not initial access.
Exposure is materially narrower than the CVSS suggests — Windows-only is already a slice of the browser fleet, and WebNN is a much smaller surface than Blink/V8/Network.
Threat intel is cold — no KEV, no public PoC, and an EPSS of 0.00043 do not support emergency treatment.

Why not higher?

A higher rating would require evidence that this is reliably reachable from an ordinary web page on default Chrome Stable populations, or evidence of live exploitation. We have neither. The public vendor treatment points the other way: Google bucketed it as Medium, which is not how Chrome flags a broadly weaponizable front-door browser RCE.

Why not lower?

I am not calling this IGNORE because browser-chain bugs can become valuable once paired with a renderer bug or a feature-exposure condition you did not know you had. It also sits in a privileged browser-adjacent area, so if you do have AI/browser experimentation rings on Windows, the consequence is still worth tracking and patching in normal cadence.

05 · Compensating Control

What to do — in priority order.

Force Chrome auto-update and relaunch compliance — Make sure Windows endpoints actually move to 149.0.7827.53/54 or later and users restart the browser so the patched binaries are loaded. For a LOW verdict there is no mitigation SLA; treat this as backlog hygiene and fold it into your normal browser-update enforcement cycle.
Shut off experimental browser exposure where possible — Review admin baselines, pilot rings, and developer workstations for chrome://flags usage or policies/processes that encourage experimental web-platform features. This matters most on Windows test populations; with a LOW verdict, do it during routine config hygiene rather than emergency change.
Use browser isolation for high-risk user groups — For users who routinely open untrusted links, browser isolation reduces the practical value of niche browser-chain bugs by moving risky rendering off the endpoint. This is a strategic control, not a same-day response, and belongs in your normal hardening program.

What doesn't work

A WAF does not help; the vulnerable component is the client browser, not a web app you own.
Internet-wide exposure scanning with Shodan/Censys/FOFA is irrelevant; this is endpoint/browser inventory work, not attack-surface census.
AV signatures for a named exploit are not enough because there is no public PoC or commodity exploit to match on today.

06 · Verification

Crowdsourced verification payload.

Run this on the target Windows endpoint as a normal user; admin rights are not required. Invoke it with powershell -ExecutionPolicy Bypass -File .\check-chrome-webnn-cve-2026-11063.ps1. The script checks installed Chrome versions and the current user's Chrome Local State for obvious WebNN / experimental flag exposure, then prints VULNERABLE, PATCHED, or UNKNOWN.

noisgate-verify.ps1

POWERSHELLREAD-ONLYSAFE

# check-chrome-webnn-cve-2026-11063.ps1

# Purpose: Assess likely exposure to CVE-2026-11063 on Windows Chrome.

# Output: VULNERABLE / PATCHED / UNKNOWN

# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN


$ErrorActionPreference = 'SilentlyContinue'

function Get-VersionObject {
    param([string]$Version)
    try { return [version]$Version } catch { return $null }
}

$fixed = Get-VersionObject '149.0.7827.53'
$chromePaths = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "$env:ProgramFiles(x86)\Google\Chrome\Application\chrome.exe",
    "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
) | Select-Object -Unique

$found = @()
foreach ($p in $chromePaths) {
    if (Test-Path $p) {
        $fv = (Get-Item $p).VersionInfo.FileVersion
        $vo = Get-VersionObject $fv
        if ($vo) {
            $found += [pscustomobject]@{ Path = $p; VersionString = $fv; Version = $vo }
        }
    }
}

if ($found.Count -eq 0) {
    Write-Output 'UNKNOWN'
    Write-Output 'Reason: Google Chrome executable not found in standard install paths.'
    exit 2
}

$allPatched = $true
$anyVulnerableVersion = $false
foreach ($item in $found) {
    if ($item.Version -lt $fixed) {
        $allPatched = $false
        $anyVulnerableVersion = $true
    }
}

if ($allPatched) {
    Write-Output 'PATCHED'
    $found | ForEach-Object { Write-Output ("Chrome: {0} [{1}]" -f $_.VersionString, $_.Path) }
    exit 0
}

# Check current user's Local State for obvious lab/experimental flags.

$localStatePath = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Local State'
$flagEvidence = @()
if (Test-Path $localStatePath) {
    $raw = Get-Content -Raw -Path $localStatePath
    if ($raw -match 'WebMachineLearningNeuralNetwork') { $flagEvidence += 'WebMachineLearningNeuralNetwork' }
    if ($raw -match 'enable-experimental-web-platform-features') { $flagEvidence += 'enable-experimental-web-platform-features' }
    if ($raw -match 'webnn') { $flagEvidence += 'webnn' }
}

if ($anyVulnerableVersion -and $flagEvidence.Count -gt 0) {
    Write-Output 'VULNERABLE'
    $found | ForEach-Object { Write-Output ("Chrome: {0} [{1}]" -f $_.VersionString, $_.Path) }
    Write-Output ('Flag evidence: ' + ($flagEvidence | Select-Object -Unique -Join ', '))
    Write-Output 'Assessment: vulnerable version present and local profile shows experimental/WebNN-related exposure hints.'
    exit 1
}

Write-Output 'UNKNOWN'
$found | ForEach-Object { Write-Output ("Chrome: {0} [{1}]" -f $_.VersionString, $_.Path) }
Write-Output 'Assessment: vulnerable version present, but local checks did not prove WebNN reachability. Site-side origin trials and runtime conditions are not visible from this script.'
exit 2

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning: do not treat this like a CRITICAL browser fire drill. Put Windows Chrome on your normal update conveyor, verify endpoints land on 149.0.7827.53/54 or later, and specifically spot-check dev / AI / experimental browser rings where WebNN exposure is more plausible. For a LOW verdict there is noisgate mitigation SLA and noisgate remediation SLA is effectively backlog hygiene with no hard deadline, so document the downgrade rationale and clear it in your routine browser patch wave rather than burning emergency change windows.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.