CVE-2026-11185: Use after free in V8 in Google Chrome prior to 149
Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)
Metrics
- CVSS v3.1
- 8.1
- Severity
- HIGH
- Fixed in
- 149.0.7827.53
- Affected Products
- 1
HarborGuard Analysis
Synopsis
Use-after-free in the V8 JavaScript engine inside Google Chrome (versions prior to 149.0.7827.53) allows a remote attacker to execute arbitrary code within Chrome's sandbox. The vulnerability is reachable over the network and requires no authentication, but the attacker must convince the target user to install a malicious Chrome extension. Successful exploitation gives the attacker arbitrary code execution inside the browser sandbox, with high-confidence access to sensitive browser data and the ability to tamper with page content. A patched-image rebuild at version 149.0.7827.53 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-11185 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle a Chromium or Chrome binary.
AvailableHarborGuard is capable of scoring this CVE at CVSS 8.1 (High) and weighting it against each environment's compliance policy to surface it at the appropriate priority level; routing to the correct team inbox within each customer organization is handled automatically based on image ownership metadata.
AvailableA patched-image rebuild at Chrome 149.0.7827.53 is available on HarborGuard for any image found to include an affected Chrome or Chromium version. For customers who opt into auto-remediation, HarborGuard is capable of triggering a rebuild, running a regression test suite, and opening a pull request against the affected workload automatically.
AvailableExploit Conditions
- Network reachabilityRequired
The attacker delivers the malicious extension or convinces the user to install it via an over-the-network vector, so the target's browser must be reachable or actively browsing.
- AuthenticationNot required
No account credentials or prior authentication to any service are needed to stage the attack.
- Victim interactionRequired
The user must be socially engineered into installing a crafted malicious Chrome extension for the exploit to trigger.
- Attack complexityDetail
The exploit is reliable and imposes no special race-condition or memory-layout requirements once the malicious extension is installed.
Blast Radius
- Arbitrary code executes inside the Chrome renderer sandbox, giving the attacker control over the browser process.
- The attacker reads high-sensitivity browser data such as stored session cookies, saved credentials, and page content from active tabs.
- The attacker modifies in-flight page content or injects scripts, enabling credential harvesting or redirection of browser requests.
How HarborGuard Handles This
Available on HarborGuard: any container image that packages a Chrome or Chromium binary below version 149.0.7827.53 is flagged as affected at CVSS 8.1 (High) immediately after the CVE enters upstream feeds. For customers who opt into auto-remediation, HarborGuard is capable of rebuilding the image at the fixed version, executing the configured regression tests, and opening a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image is staged and the finding is routed to the responsible team inbox for review. All environments continue to receive re-evaluation on each ingest cycle to confirm remediation status.
Fix available
- Google / Chrome< 149.0.7827.53 (from 149.0.7827.53)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N