Chrome for iOS <=149.0.7827.53 Same-Origin Policy bypass: CVE-2026-11298 June 2026

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Vulnerability Analysis

CVE-2026-11298 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

Origin Validation Error

The software does not properly verify that the source of data or communication is valid.

Products Associated with CVE-2026-11298

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

Affected Versions

Exploit Probability

EPSS

0.02%

Percentile

3.63%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Chrome for iOS <=149.0.7827.53 Same-Origin Policy bypassCVE-2026-11298 Published on June 4, 2026

Vulnerability Analysis

Weakness Type

Origin Validation Error

Products Associated with CVE-2026-11298

Affected Versions

Exploit Probability

Chrome for iOS <=149.0.7827.53 Same-Origin Policy bypass
CVE-2026-11298 Published on June 4, 2026