HIGH | CVE-2026-11231 | CNA: Chrome

CVE-2026-11231: Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149

Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a malicious file. (Chromium security severity: Low)

Metrics

  • CVSS v3.1: 8.1
  • Severity: HIGH
  • Fixed in: 149.0.7827.53
  • Affected Products: 1


HarborGuard Analysis

Synopsis

An inappropriate implementation flaw in the Safe Browsing component of Google Chrome on macOS allows a remote attacker to execute arbitrary code by convincing a user to open a malicious file. The vulnerability is reachable over the network and requires no authentication, though it does require the victim to interact with a crafted file delivered by the attacker. Successful exploitation gives the attacker the ability to read sensitive data and modify files or system state within the browser's context. A patched-image rebuild at version 149.0.7827.53 is available on HarborGuard for environments running an affected version of Chrome on Mac.

HarborGuard Coverage

Detection

Detection for CVE-2026-11231 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds, including custom-built images that bundle Google Chrome on macOS base layers.

Status: Available
Triage

HarborGuard is capable of scoring this CVE at CVSS 8.1 (HIGH) and weighting that score against each environment's compliance policy, then routing findings to the appropriate team inbox within each customer organization.

Status: Available
Patch

A patched-image rebuild at Chrome version 149.0.7827.53 is available on HarborGuard for any environment found running an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a PR against affected workloads automatically.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker delivers the malicious file over the network, so the targeted service or user must be reachable from an external or remote network location.

  • Authentication: Not required

    No account or credential is needed; the attacker can initiate the attack without authenticating to any service.

  • Victim interaction: Required

    The victim must open or interact with the attacker-supplied malicious file, making this a social-engineering-dependent attack.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, memory layout, or other unpredictable environmental factors.

Blast Radius

  • The attacker executes arbitrary code in the context of the Chrome process on the victim's Mac, gaining the ability to read files, browser history, stored credentials, and session tokens accessible to that process.
  • The attacker can write or modify files within reach of the compromised Chrome process, including cached data and user-writable directories.
  • Confidentiality and integrity of data handled by the browser are both fully compromised; availability is not directly impacted by this vulnerability.

How HarborGuard Handles This

Available on HarborGuard: detection for this CVE is matched against all customer images within minutes of publication, covering any image that bundles Google Chrome on a macOS-compatible base layer. Where a fix version is confirmed (149.0.7827.53), HarborGuard can generate a patched-image rebuild immediately. For customers who opt into auto-remediation, the typical flow includes a rebuilt image, a regression-test run, and a PR opened against affected workloads; for HIGH-severity issues, median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, the finding is surfaced in the customer's triage queue with CVSS score, affected image list, and the confirmed fix version for manual action.


Fix available: 149.0.7827.53
Affected packages
  • Google / Chrome
    < 149.0.7827.53 (from 149.0.7827.53)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N