Severity: HIGH | CVE-2026-11103 | CNA: Chrome

CVE-2026-11103: Inappropriate implementation in Installer in Google Chrome on Windows prior to 149

Inappropriate implementation in Installer in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

Metrics

CVSS v3.1: 7.3
Severity: HIGH
Fixed in: 149.0.7827.53
Affected Products: 1


HarborGuard Analysis

Synopsis

A local privilege escalation vulnerability exists in the installer component of Google Chrome on Windows in versions prior to 149.0.7827.53. An attacker who already has a low-privilege account on the host can place a malicious file that manipulates the installer's behavior, triggering a flaw that elevates their OS-level privileges. Successful exploitation has a high impact on the confidentiality, integrity, and availability of the system. A patched-image rebuild at version 149.0.7827.53 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-11103 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds, including custom-built images that bundle Google Chrome on Windows base layers. Any image found carrying a Chrome version below 149.0.7827.53 is flagged immediately.

Triage: Available

HarborGuard triage capability surfaces this CVE with its CVSS v3.1 score of 7.3 (HIGH), weighted against each customer environment's compliance policy to determine urgency and routing. Findings are directed to the appropriate team inbox within each customer org based on policy configuration.

Patch: Available

A patched-image rebuild at Chrome version 149.0.7827.53 is available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network access to the target service is required.

  • Authentication: Required

    Any low-privilege local account is sufficient; no administrative credentials are needed to initiate the attack.

  • Victim interaction: Required

    A user on the target system must take an action, such as running or interacting with the installer, for the malicious file to trigger the privilege escalation.

  • Attack complexity: Detail

    The exploit is reliable and condition-free; no race conditions or special environmental factors are required to succeed.

Blast Radius

  • The attacker gains full read access to sensitive files and data on the host system, including credentials and application secrets.
  • The attacker can write or modify files and system configuration at the OS level, including replacing binaries or altering security settings.
  • The attacker can crash or disable system services, including security tooling, leading to a full loss of availability for affected processes.
  • Combined control over confidentiality, integrity, and availability means the host can be used as a foothold for further lateral movement within the environment.

How HarborGuard Handles This

Available on HarborGuard: detection for this CVE is matched against all scanned images the moment the advisory is ingested from upstream feeds. For environments running Chrome-bundled Windows container images below version 149.0.7827.53, a patched rebuild at the fixed version is available. For customers who opt into auto-remediation, HarborGuard rebuilds the image, runs a regression test suite, and opens a pull request against affected workloads; the median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the finding is routed to the designated team inbox with the CVSS score and remediation options attached for review.


Fix available: 149.0.7827.53

Affected packages
  • Google / Chrome
    < 149.0.7827.53 (from 149.0.7827.53)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H