Severity: HIGH | CVE-2026-11010 | CNA: Chrome

CVE-2026-11010: Use after free in WebShare in Google Chrome on Android prior to 149

Use after free in WebShare in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Metrics

  • CVSS v3.1: 8.3
  • Severity: HIGH
  • Fixed in: 149.0.7827.53
  • Affected Products: 1


HarborGuard Analysis

Synopsis

Use-after-free in the WebShare component of Google Chrome for Android (versions prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to escape the browser sandbox via a crafted HTML page. The vulnerability is reachable over the network and requires the victim to visit a malicious page, but no authentication is needed. Successful exploitation gives the attacker full confidentiality, integrity, and availability impact outside the sandbox, effectively achieving code execution at the OS process level. A patched-image rebuild at version 149.0.7827.53 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in both registries and CI/CD pipelines, including custom-built Android or Chromium-based container images. Any image bundling a Chrome for Android build older than 149.0.7827.53 is flagged automatically.

Status: Available

Triage

HarborGuard scores this CVE at 8.3 HIGH (CVSS v3.1) and weights it further based on each customer environment's compliance policy, such as stricter thresholds for internet-facing workloads or regulated data environments. Findings are routed to the appropriate team inbox within each customer organization based on the affected image ownership and policy configuration.

Status: Available

Patch

A patched-image rebuild pinned to Chrome 149.0.7827.53 becomes available on HarborGuard the moment the fix version is indexed. For customers with auto-remediation enabled, HarborGuard runs a rebuild, executes a regression test suite against the updated image, and opens a pull request against affected workloads automatically.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker delivers the crafted HTML page over the network, so the targeted device must be reachable from or browsing to an internet-accessible origin.

  • Authentication: Not required

    No account or credential is needed; any user who browses to the attacker-controlled page is a viable target.

  • Victim interaction: Required

    The victim must open a crafted HTML page, meaning the attacker depends on social engineering or a malicious link to trigger exploitation.

  • Attack complexity: Detail

    Attack complexity is HIGH, meaning the attacker must already have compromised the renderer process before the sandbox escape primitive can be leveraged, introducing a prerequisite step beyond simply serving the page.

Blast Radius

  • A successful sandbox escape lets the attacker read arbitrary data from the device, including stored credentials, session tokens, and application data outside the Chrome sandbox.
  • The attacker gains the ability to write or modify files and data accessible to the process that Chrome runs under on the Android device.
  • The attacker can crash or disrupt the Chrome process and any services accessible from that process context.
  • Because the scope is changed (S:C in the CVSS vector), impact extends beyond the browser sandbox to other components sharing the Android OS environment.

How HarborGuard Handles This

Available on HarborGuard: detection against this CVE is active for all customer images the moment the advisory is ingested, with no manual configuration required. For environments running a Chrome for Android image older than 149.0.7827.53, a rebuilt image at the fix version is available for immediate deployment. Where compliance policy permits auto-remediation, HarborGuard rebuilds the image, runs a regression test suite, and opens a pull request against the affected workload automatically; median time from CVE publication to a merged patch PR for HIGH-severity issues is around 90 minutes in environments with auto-remediation enabled. Given the sandbox-escape nature of this vulnerability and the HIGH CVSS score, teams that cannot immediately upgrade should consider network-policy controls that restrict which origins Chrome-based containers can reach, reducing the attacker's ability to deliver a crafted page to the renderer.


Fix available: 149.0.7827.53

Affected packages
  • Google / Chrome
    < 149.0.7827.53 (from 149.0.7827.53)
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H