CVE-2026-11102 · Inappropriate implementation in Isolated Web Apps in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary cod

01 · The Real Story

This is a booby-trapped side door inside a locked annex, not the front gate to your fleet

CVE-2026-11102 affects Google Chrome versions before 149.0.7827.53 and sits in Isolated Web Apps (IWA). The published description says a remote attacker can get arbitrary code execution inside the Chrome sandbox by delivering a malicious file. That matters: this is not generic drive-by browser RCE against every tab; it is tied to the IWA feature set and a file-based trigger path.

The plain CVSS story overstates enterprise urgency. Yes, AV:N/AC:L/PR:N/UI:R plus code execution sounds nasty, but in real deployments the chain is squeezed by three big friction points: user interaction is mandatory, impact is contained to the sandbox, and IWA is a niche, admin-managed feature rather than the default Chrome browsing path. Chrome itself labeled this bug Medium in the June 2, 2026 stable advisory, and that better matches operational reality than the later 8.8 enrichment.

"This looks scary on paper, but the real blast radius is narrowed hard by niche IWA usage, file delivery, and sandbox-only code exec."

02 · The Attack Path

5 steps from start to impact.

STEP 01

Stage a malicious IWA-related file

The attacker needs a crafted file that exercises the vulnerable Isolated Web Apps code path. In practice this is a custom payload, not a turnkey exploit kit; no public Metasploit module or broadly circulated GitHub PoC was found as of 2026-06-06. The likely weaponization format is tied to IWA packaging or installation/update handling rather than ordinary web browsing.

Conditions required:

Attacker can deliver a malicious file to the target
Target uses a Chrome build earlier than 149.0.7827.53
Target has a reachable IWA workflow or related file handling path

Where this breaks in practice:

No public exploit tooling located
File-based delivery is noisier than one-click web exploitation
IWA is not the default execution path on most enterprise Chrome endpoints

Detection/coverage: Email gateways, browser download protections, EDR file telemetry, and content detonation should see delivery attempts better than they would for pure memory-corruption drive-bys.

STEP 02

Land on an IWA-capable endpoint

This prerequisite is the biggest downgrade factor. Google documents IWA as initially available only on Chrome Enterprise-managed ChromeOS devices and select partners, with allowlisting controlling which apps can be installed or updated. That means the attacker is not targeting 'Chrome everywhere'; they are targeting a comparatively narrow subset of managed deployments.

Conditions required:

Victim endpoint is in the IWA-supported population
IWA is enabled or relevant in the environment
Any required allowlist/admin policy conditions are already satisfied

Where this breaks in practice:

Most enterprises have far more standard browser users than IWA users
Admin-managed and allowlisted distribution sharply limits exposure
Many Windows/macOS/Linux Chrome endpoints are likely irrelevant to this specific bug path

Detection/coverage: Endpoint inventory and Chrome enterprise policy data are the best coverage; internet scanners like Shodan/Censys/FOFA do not meaningfully enumerate browser-feature exposure.

STEP 03

Convince the user to open or process it

The CVSS vector and CVE text both imply user interaction. The attacker still has to get a person to open, install, import, or otherwise process the malicious file in an IWA-related flow. That is classic social-engineering territory, and modern enterprises have several choke points here.

Conditions required:

User opens the delivered file or follows the attacker-controlled workflow
Chrome Safe Browsing or local controls do not block the file first

Where this breaks in practice:

Requires human action
Download reputation, attachment controls, and user training reduce success rate
Managed Chrome policies can constrain app install and file handling behavior

Detection/coverage: Good telemetry from mail gateways, web proxies, Safe Browsing events, and EDR can catch the handoff from delivery to execution.

STEP 04

Gain code execution inside the Chrome sandbox

If the exploit lands, the documented impact is arbitrary code execution inside a sandbox. That is meaningful, but it is not host compromise by itself. The attacker still has to live within browser sandbox limits unless they chain another privilege-escalation or sandbox-escape bug.

Conditions required:

Exploit reliably triggers the vulnerable code path
Target environment does not have mitigations that crash or contain the process first

Where this breaks in practice:

Sandbox containment cuts blast radius
A second bug is typically needed for full workstation takeover
Crash-heavy exploitation is easier to notice operationally

Detection/coverage: EDR child-process, abnormal browser process behavior, crash spikes, and browser exploit-prevention detections can catch post-trigger behavior.

STEP 05

Chain for real endpoint compromise

To turn this into a true fleet-level emergency, an attacker usually needs a follow-on sandbox escape, privilege escalation, or credential theft path. None of that is evidenced in the public record for this CVE. Without that second stage, the practical impact is much lower than the bare CVSS suggests.

Conditions required:

Attacker has or finds a compatible post-sandbox chain
Local defenses fail to block the next step

Where this breaks in practice:

No public exploit chain showing host escape was found
Post-exploitation options are narrower from inside the sandbox
Modern EDR should create another detection opportunity

Detection/coverage: Look for browser-to-system escape patterns: spawned binaries, persistence attempts, suspicious IPC, token abuse, and lateral-movement tooling after browser crashes or file-open events.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No public evidence of active exploitation found as of 2026-06-06. The CVE enrichment shown via Vulnrichment/SSVC marks Exploitation: none.
KEV status	Not listed in the CISA Known Exploited Vulnerabilities catalog as checked on 2026-06-06.
Proof-of-concept availability	No public PoC or weaponized repo located in current search results. Expect any working exploit to be private/custom for now.
EPSS	EPSS provided in your intel is 0.00033. That is effectively floor-level exploitation probability; percentile was not verified from a primary FIRST data pull during this assessment.
CVSS vs vendor reality	The enriched score is 8.8 / HIGH with `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`, but Google's Chrome stable advisory labels CVE-2026-11102 as Medium. That mismatch is a major reason for the downgrade.
Affected versions	Google Chrome < 149.0.7827.53. Chrome stable rolled as 149.0.7827.53 for Linux and 149.0.7827.53/54 for Windows and Mac.
Fixed version	Patch to 149.0.7827.53+. On Windows/Mac, builds 149.0.7827.53/54 are the fixed stable releases; on Linux, 149.0.7827.53.
Exposure population	This is the real limiter: Isolated Web Apps are a niche, admin-managed feature. Google states the initial launch is limited to Chrome Enterprise administered ChromeOS devices and select partners, with allowlisting governing installs/updates.
Scanning/exposure data	No meaningful Shodan/Censys/FOFA exposure metric applies here because this is a client-side browser feature, not an internet-facing service. Use endpoint inventory, Chrome management telemetry, and policy data instead.
Disclosure / reporting	Published 2026-06-04 in the CVE record; the Chrome stable advisory on 2026-06-02 lists it as reported by Google on 2026-04-07.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to MEDIUM (5.4/10)

The single most decisive factor is population narrowing: this bug sits in Isolated Web Apps, which Google documents as an admin-managed, initially ChromeOS-focused feature rather than a universally reachable Chrome path. The second decisive factor is sandbox-only code execution; without a follow-on escape, this is not the host-level emergency implied by an 8.8 score.

HIGH Affected-version and fix-version identification

HIGH Assessment that IWA exposure is materially narrower than general Chrome deployment

MEDIUM Exact exploit path details, because the Chromium issue remains restricted

Why this verdict

Baseline correction: the 8.8 score models generic browser RCE inputs, but Google's own stable-channel advisory tagged this CVE Medium, which already hints the raw CVSS is not telling the whole deployment story.
Population is tiny compared with 'all Chrome': exploitation requires the Isolated Web Apps feature path, and Google says initial IWA availability is for Chrome Enterprise-managed ChromeOS and allowlisted deployments. That moves this from internet-scale browser risk to a much narrower subset.
Attacker path needs user action: the vector includes UI:R and the description calls out a malicious file. That implies phishing, file delivery, and user processing rather than silent drive-by compromise.
Impact stops at the sandbox: the published description is explicit about arbitrary code execution inside a sandbox. For real workstation takeover, an attacker normally needs a second-stage sandbox escape or local privilege escalation.
Threat intel is cold: no KEV listing, no public exploitation evidence, and EPSS 0.00033 all push down on urgency.

Why not higher?

If this were a normal browsing-path bug with no user interaction and evidence of active exploitation, it would stay high. It does not. The combination of IWA-only reachability, file interaction, and sandboxed impact makes the 8.8 label too aggressive for enterprise patch triage.

Why not lower?

I did not push this to LOW because the end state is still code execution, and browser bugs remain useful footholds when paired with social engineering. Also, some organizations do use managed ChromeOS and high-trust app models; in those pockets, the bug is real and worth fixing on a normal cycle.

05 · Compensating Control

What to do — in priority order.

Constrain IWA deployment — Limit Isolated Web Apps to approved, allowlisted apps only and review whether the feature is needed at all. For a MEDIUM verdict there is no noisgate mitigation SLA; if you choose to harden, do it opportunistically while heading straight to remediation within 365 days.
Block untrusted file delivery paths — Tighten mail and web controls around uncommon browser-app package types and suspicious downloads so the malicious file never reaches users. There is no mitigation SLA for MEDIUM; treat this as hardening that can be batched with your normal browser-control work.
Enforce managed Chrome policies — Use enterprise browser policy to restrict app installs, update lag, and risky user-controlled workflows that could process attacker-supplied content. For this MEDIUM assessment, align policy cleanup with the 365-day remediation window rather than treating it as an emergency block.
Watch for browser crash and file-open anomalies — Hunt for clusters of Chrome crashes, unusual file-open events, and browser process anomalies on managed ChromeOS or other IWA-relevant populations. This is best deployed as detection engineering during the normal remediation window, since there is no mitigation SLA here.

What doesn't work

A network perimeter scan will not help; this is a client-side browser feature issue, not an exposed daemon you can find on the wire.
WAF rules are mostly irrelevant because the trigger is described as a malicious file, not a server-side web request path you can sanitize upstream.
MFA does nothing for the exploit trigger itself; it may help elsewhere in the kill chain, but it will not stop a user from opening a hostile file in a vulnerable browser.

06 · Verification

Crowdsourced verification payload.

Run this on the target endpoint or via your endpoint management agent. Invoke it as python3 check_chrome_cve_2026_11102.py with standard user rights; it auto-detects Chrome on Windows, macOS, and Linux and prints VULNERABLE, PATCHED, or UNKNOWN based on whether the installed version is earlier than 149.0.7827.53.

noisgate-verify.py

PYTHONREAD-ONLYSAFE

#!/usr/bin/env python3
# check_chrome_cve_2026_11102.py
# Purpose: Check local Google Chrome version against CVE-2026-11102 fixed version.
# Output: VULNERABLE / PATCHED / UNKNOWN
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN

import os
import platform
import re
import subprocess
import sys

FIXED = (149, 0, 7827, 53)


def parse_version(text):
    if not text:
        return None
    m = re.search(r'(\d+)\.(\d+)\.(\d+)\.(\d+)', text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def run_cmd(cmd):
    try:
        p = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
        if p.returncode == 0:
            return (p.stdout or p.stderr).strip()
    except Exception:
        pass
    return None


def get_windows_version():
    cmds = [
        ["reg", "query", r"HKLM\Software\Google\Chrome\BLBeacon", "/v", "version"],
        ["reg", "query", r"HKCU\Software\Google\Chrome\BLBeacon", "/v", "version"],
        ["powershell", "-NoProfile", "-Command", "(Get-ItemProperty 'HKLM:\\Software\\Google\\Chrome\\BLBeacon' -ErrorAction SilentlyContinue).version"],
        ["powershell", "-NoProfile", "-Command", "(Get-ItemProperty 'HKCU:\\Software\\Google\\Chrome\\BLBeacon' -ErrorAction SilentlyContinue).version"]
    ]
    for cmd in cmds:
        out = run_cmd(cmd)
        v = parse_version(out)
        if v:
            return v
    return None


def get_macos_version():
    paths = [
        "/Applications/Google Chrome.app/Contents/Info.plist",
        os.path.expanduser("~/Applications/Google Chrome.app/Contents/Info.plist")
    ]
    for p in paths:
        if os.path.exists(p):
            out = run_cmd(["/usr/bin/defaults", "read", p.replace("/Contents/Info.plist", ""), "CFBundleShortVersionString"])
            v = parse_version(out)
            if v:
                return v
    return None


def get_linux_version():
    bins = [
        "google-chrome",
        "google-chrome-stable",
        "chromium-browser",
        "chromium"
    ]
    for b in bins:
        out = run_cmd([b, "--version"])
        v = parse_version(out)
        if v:
            return v
    return None


def cmp_versions(a, b):
    return (a > b) - (a < b)


def main():
    system = platform.system().lower()
    version = None

    if "windows" in system:
        version = get_windows_version()
    elif "darwin" in system:
        version = get_macos_version()
    elif "linux" in system:
        version = get_linux_version()
    else:
        print("UNKNOWN - Unsupported platform: {}".format(platform.system()))
        sys.exit(2)

    if not version:
        print("UNKNOWN - Could not determine installed Chrome/Chromium version")
        sys.exit(2)

    version_str = ".".join(str(x) for x in version)
    fixed_str = ".".join(str(x) for x in FIXED)

    if cmp_versions(version, FIXED) < 0:
        print("VULNERABLE - Installed version {} is earlier than fixed version {}".format(version_str, fixed_str))
        sys.exit(1)
    else:
        print("PATCHED - Installed version {} is at or newer than fixed version {}".format(version_str, fixed_str))
        sys.exit(0)


if __name__ == "__main__":
    main()

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning, do not treat this like a top-of-pile browser fire drill across 10,000 hosts. First, use endpoint inventory to identify any ChromeOS / managed Chrome populations using Isolated Web Apps and confirm who is still below 149.0.7827.53. Because this is a MEDIUM reassessment and there is noisgate mitigation SLA — go straight to the 365-day remediation window, you do not need an emergency block unless your environment actively uses IWA in a sensitive workflow. Apply any optional hardening during normal browser policy work, and complete the actual Chrome update within the noisgate remediation SLA of ≤365 days; if you discover a concentrated IWA-dependent business unit, patch that subset on an accelerated local schedule even though the fleet-wide rating stays MEDIUM.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.