Paint Component Side-Channel Leak in Chrome before 149.0.7827.53
CVE-2026-11289 Published on June 4, 2026

Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

NVD

Weakness Type

Improper Protection Against Physical Side Channels

The product is missing protections or implements insufficient protections against information leakage through physical channels such as power consumption, electromagnetic emissions (EME), acoustic emissions, or other physical attributes.

Products Associated with CVE-2026-11289

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

Google Chrome

Affected Versions

Google Chrome:

Version 149.0.7827.53 and below 149.0.7827.53 is affected.

Paint Component Side-Channel Leak in Chrome before 149.0.7827.53CVE-2026-11289 Published on June 4, 2026

Weakness Type

Improper Protection Against Physical Side Channels

Products Associated with CVE-2026-11289

Affected Versions

Paint Component Side-Channel Leak in Chrome before 149.0.7827.53
CVE-2026-11289 Published on June 4, 2026