CVE-2026-11091 · Inappropriate implementation in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds

01 · The Real Story

This is a sharp edge inside Chrome’s graphics engine, not an open front door to your estate

CVE-2026-11091 is an *inappropriate implementation* flaw in Chrome’s Dawn component, the WebGPU implementation behind navigator.gpu. A malicious site can drive vulnerable code paths with crafted HTML/JavaScript and potentially reach out-of-bounds behavior. Affected builds are Chrome before 149.0.7827.53; Google’s June 2, 2026 stable rollout lists 149.0.7827.53 for Linux and 149.0.7827.53/.54 for Windows and macOS as fixed, with Android inheriting the same desktop security fixes in 149.0.7827.59.

The supplied 8.8/HIGH CVSS reads like a generic browser memory-bug worst case, but reality is narrower. Google’s own Chrome release notes classified this CVE as Medium, there is no KEV listing, the provided EPSS is 0.00035, no public exploit chain was found, and meaningful impact still depends on user navigation plus reliable WebGPU/Dawn exploitation inside Chrome’s sandboxed multi-process model. For an enterprise patch queue, that is not nonsense risk, but it is also not front-of-line over server-side RCE or actively exploited browser zero-days.

"Drive-by reachable, but this looks more like a crash/leak primitive than a ready-made enterprise compromise"

02 · The Attack Path

4 steps from start to impact.

STEP 01

Land the victim on attacker-controlled web content

The attacker uses a custom HTML/JavaScript page as the weaponized delivery vehicle; no named public exploit kit or repo was found for this CVE. The victim must browse to that page, typically via phishing, malvertising, compromised sites, or embedded third-party content.

Conditions required:

Target is running Chrome below 149.0.7827.53
User opens attacker-controlled or attacker-influenced content
Enterprise web controls do not block the destination

Where this breaks in practice:

Requires user interaction (UI:R), which immediately narrows reach
Secure email gateways, URL filtering, browser isolation, and ad blocking all cut delivery volume
This is endpoint/client-side exposure, not an always-on internet service

Detection/coverage: Proxy/SWG logs and browser isolation telemetry can usually see delivery. Traditional network vuln scanners will not.

STEP 02

Reach the Dawn/WebGPU code path

The page then exercises WebGPU through navigator.gpu to hit Dawn. Chrome’s own documentation states WebGPU is available only in secure contexts and may be unavailable when blocklisted or disabled, so the exploit has to land on a device/browser combination where WebGPU is actually reachable.

Conditions required:

WebGPU is enabled and exposed on the endpoint
The site is delivered in a secure context
GPU/driver or software rendering path supports the necessary feature path

Where this breaks in practice:

WebGPU can be unavailable due to blocklist, policy, hardware support, or command-line disabling
Driver and platform variance hurts exploit portability and reliability
Some enterprise baselines disable advanced graphics features for high-risk populations

Detection/coverage: Look for chrome://gpu state during triage, browser crash telemetry, and GPU process exceptions. Exposure inventory must come from endpoint config, not perimeter scans.

STEP 03

Trigger out-of-bounds behavior in Dawn

If the crafted WebGPU sequence succeeds, the attacker may induce out-of-bounds access or related memory safety failure in Dawn or adjacent graphics handling. The practical first outcome is often crash, renderer/GPU process instability, or a weak memory primitive rather than deterministic host compromise.

Conditions required:

The vulnerable code path is hit exactly
Heap/process state lines up for useful corruption or disclosure
Chrome mitigations do not collapse exploit reliability

Where this breaks in practice:

Chrome sandboxing, modern memory mitigations, and multi-process separation raise the bar
Out-of-bounds access does not automatically equal stable RCE
No public PoC or in-the-wild exploitation was found to show reliable weaponization

Detection/coverage: EDR and crash-reporting systems can catch repeated chrome.exe/GPU-process crashes, access violations, or abnormal renderer resets. Signature coverage for a nonpublic exploit is otherwise thin.

STEP 04

Convert browser bug into meaningful enterprise impact

To move from browser-side corruption to enterprise-grade compromise, the attacker usually needs either a strong same-process execution primitive or a second bug for sandbox escape or persistence. Without that second-stage evidence, blast radius stays centered on the browser session and the individual endpoint.

Conditions required:

Attacker obtains more than a crash or read primitive
A second-stage exploit or post-exploitation route is available
Endpoint controls fail to stop follow-on activity

Where this breaks in practice:

No evidence here of an active exploit chain, sandbox escape, or campaign use
EDR, application control, and browser sandboxing should break many follow-on attempts
Impact is mostly single-user/single-endpoint unless chained

Detection/coverage: Watch for unusual browser child-process creation, broker abuse, credential theft tooling, or suspicious post-browser execution. This is where EDR should earn its keep.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No evidence found of active exploitation for this CVE. A targeted search of CISA KEV for `CVE-2026-11091` returned no entry, so any exploitation claim would be speculation.
KEV status	Not KEV-listed as of 2026-06-05 based on CISA catalog search results.
Proof-of-concept availability	No public PoC located in web/GitHub searches for `CVE-2026-11091`, `exploit`, or `poc`. Google notes bug details may stay restricted until most users are patched.
EPSS	0.00035 from the supplied intel, which is extremely low and consistent with a bug that is not yet showing attacker traction.
Vendor severity mismatch	Your intel block says HIGH 8.8, but Google’s Chrome release notes list CVE-2026-11091 as Medium. That mismatch is the biggest reason to downgrade the queue priority.
CVSS vector readout	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` means drive-by reachable with user interaction required. The vector assumes high end-state impact, but it does not capture the real friction of WebGPU availability, browser sandboxing, and exploit chaining.
Affected versions	Chrome prior to 149.0.7827.53. Practically: vulnerable on desktop before the June 2, 2026 stable release; Android inherits the same desktop security fixes in 149.0.7827.59.
Fixed versions	Google lists fixes in 149.0.7827.53 (Linux) and 149.0.7827.53/.54 (Windows/macOS). Android release notes say desktop-equivalent security fixes are in 149.0.7827.59.
Exposure/scanning reality	This is not an internet-scannable server flaw. Shodan/Censys-style edge exposure data is mostly irrelevant here; only niche exposed Chrome remote-debugging endpoints are scan-friendly, and that is a different problem.
Disclosure and reporter	Published 2026-06-04 in CVE feeds; Google’s stable notes show it was reported by Google on 2026-04-07.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to MEDIUM (5.9/10)

The decisive downward pressure is that this is a client-side browser bug that still requires user navigation into a specific WebGPU/Dawn path, not an unauthenticated service an attacker can hammer directly across your fleet. With no KEV entry, no public PoC, very low EPSS, and no evidence of a working exploit chain, the enterprise risk is materially below a generic 8.8 browser-memory-bug label.

HIGH Downgrade from supplied HIGH/8.8 baseline

MEDIUM Assessment that practical impact is usually crash/leak/weak primitive unless chained

HIGH No current exploitation evidence or KEV status

Why this verdict

Vendor baseline adjusted down: Google’s own Chrome release notes label this CVE Medium, which is more credible for Chrome internals than a generic external CVSS label.
User interaction required: the attacker needs a victim to visit hostile content, which means phishing, malvertising, or content injection has to work first.
Feature-path narrowing: exploitation depends on reaching Dawn/WebGPU, not just any browser tab. WebGPU availability varies by platform, policy, blocklist state, and hardware/driver path.
Blast radius is endpoint-local: even if triggered, this lands inside Chrome’s sandboxed browser architecture and usually needs chaining for durable host compromise or lateral enterprise impact.
Threat intel is cold: no KEV listing, no public PoC found, and the supplied EPSS 0.00035 argues against near-term mass exploitation pressure.

Why not higher?

If this were actively exploited, had a public reliable PoC, or were a proven sandbox escape, the score would rise fast. Likewise, a WebGPU/Dawn bug with demonstrated code execution across current Chrome builds would deserve a HIGH or CRITICAL patch slot; this record does not show that.

Why not lower?

It is still a remotely reachable client-side Chrome bug in a massive deployment surface, and browsers are attacker-favorite initial-access targets. Even without exploitation evidence, drive-by exposure plus potential out-of-bounds behavior is too much risk to wave away as LOW or IGNORE.

05 · Compensating Control

What to do — in priority order.

Enforce Chrome auto-update and relaunch compliance — Make sure managed Chrome endpoints actually cross the fixed build line and are not sitting on pending restarts. For a MEDIUM verdict there is no mitigation SLA — go straight to the 365-day remediation window, but browsers should be cleaned up far earlier through normal enterprise update enforcement.
Disable WebGPU for exception groups — For high-risk users, kiosks, unmanaged VDI pools, or systems that cannot move off vulnerable builds cleanly, use Chrome enterprise policy or platform controls to turn off WebGPU/Dawn exposure. There is no mitigation SLA for this severity bucket, so use it as a targeted temporary control while you close remaining vulnerable endpoints inside the remediation window.
Route risky browsing through isolation or stronger URL filtering — Browser isolation, SWG category blocking, and malvertising suppression reduce the odds that users ever hit the crafted page needed to trigger the bug. With a MEDIUM reassessment, treat this as risk reduction for exposed populations rather than an emergency all-hands mitigation.
Watch for browser crash clusters — Repeated GPU-process or renderer crashes on the same cohort can be your only early clue of exploit development or noisy probing. Add a short-term detection lens for abnormal Chrome crash spikes while your patch telemetry catches up.

What doesn't work

MFA does not stop a malicious page from hitting a vulnerable browser code path.
Perimeter vulnerability scans will not find this reliably because the exposure is the browser endpoint, not an internet-facing listening service.
Server-side WAF rules do little here unless they happen to block the exact delivery site; the exploit logic executes in the client browser.
Generic AV signatures are weak against custom HTML/JavaScript exploit attempts when no public exploit artifact exists yet.

06 · Verification

Crowdsourced verification payload.

Run this on the target endpoint or in your endpoint management tool as a local script. Invoke with python3 check_chrome_cve_2026_11091.py on macOS/Linux or py check_chrome_cve_2026_11091.py on Windows; no admin rights are normally required, though Windows registry reads may work best in a standard user session with access to installed-app keys.

noisgate-verify.py

PYTHONREAD-ONLYSAFE

#!/usr/bin/env python3
# check_chrome_cve_2026_11091.py
# Exit codes:
#   0 = PATCHED
#   1 = VULNERABLE
#   2 = UNKNOWN

import os
import platform
import re
import shutil
import subprocess
import sys

FIXED = (149, 0, 7827, 53)


def parse_version(text):
    m = re.search(r'(\d+)\.(\d+)\.(\d+)\.(\d+)', text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def cmp_ver(a, b):
    return (a > b) - (a < b)


def run_cmd(cmd):
    try:
        out = subprocess.check_output(cmd, stderr=subprocess.DEVNULL, text=True)
        return out.strip()
    except Exception:
        return None


def windows_version():
    candidates = []
    try:
        import winreg
        reg_paths = [
            (winreg.HKEY_CURRENT_USER, r"Software\Google\Chrome\BLBeacon", "version"),
            (winreg.HKEY_LOCAL_MACHINE, r"Software\Google\Chrome\BLBeacon", "version"),
            (winreg.HKEY_LOCAL_MACHINE, r"Software\WOW6432Node\Google\Chrome\BLBeacon", "version"),
        ]
        for hive, path, name in reg_paths:
            try:
                key = winreg.OpenKey(hive, path)
                val, _ = winreg.QueryValueEx(key, name)
                candidates.append(str(val))
            except Exception:
                pass
    except Exception:
        pass

    exe_paths = [
        os.path.expandvars(r"%ProgramFiles%\Google\Chrome\Application\chrome.exe"),
        os.path.expandvars(r"%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe"),
        os.path.expandvars(r"%LocalAppData%\Google\Chrome\Application\chrome.exe"),
    ]
    for p in exe_paths:
        if p and os.path.exists(p):
            out = run_cmd([p, "--version"])
            if out:
                candidates.append(out)

    for c in candidates:
        v = parse_version(c)
        if v:
            return v, c
    return None, None


def unix_version():
    commands = [
        ["google-chrome", "--version"],
        ["google-chrome-stable", "--version"],
        ["chromium", "--version"],
        ["chromium-browser", "--version"],
        ["/Applications/Google Chrome.app/Contents/MacOS/Google Chrome", "--version"],
    ]
    for cmd in commands:
        exe = cmd[0]
        if os.path.isabs(exe) or shutil.which(exe):
            out = run_cmd(cmd)
            if out:
                v = parse_version(out)
                if v:
                    return v, out
    return None, None


def main():
    system = platform.system().lower()
    if "windows" in system:
        version, raw = windows_version()
    else:
        version, raw = unix_version()

    if not version:
        print("UNKNOWN - Chrome version not found")
        sys.exit(2)

    if cmp_ver(version, FIXED) < 0:
        print(f"VULNERABLE - detected version {'.'.join(map(str, version))} < 149.0.7827.53")
        sys.exit(1)
    else:
        print(f"PATCHED - detected version {'.'.join(map(str, version))} >= 149.0.7827.53")
        sys.exit(0)


if __name__ == "__main__":
    main()

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning: treat this as browser hygiene with visibility, not an emergency war room. Under the noisgate mitigation SLA there is no mitigation SLA — go straight to the 365-day remediation window; operationally, verify that managed Chrome fleets have already auto-moved to 149.0.7827.53+ and use WebGPU disablement only for stubborn exception groups. Under the noisgate remediation SLA, all remaining vulnerable endpoints should be on the vendor-fixed build within 365 days, but because Chrome updates are low-friction, your real job this week is finding stragglers, pending restarts, and policy-blocked updaters rather than over-prioritizing this above exploited or server-side flaws.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.