CVE-2026-11682: Inappropriate implementation in Views in Google Chrome on Linux prior to 149
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Metrics
- CVSS v3.1
- 8.3
- Severity
- HIGH
- Fixed in
- 149.0.7827.103
- Affected Products
- 1
HarborGuard Analysis
Synopsis
This is a sandbox escape vulnerability in Google Chrome's Views component on Linux, affecting all versions prior to 149.0.7827.103. The flaw is reachable over the network but requires the attacker to have already compromised the renderer process and to trick a user into visiting a crafted HTML page. Successful exploitation allows the attacker to break out of Chrome's sandbox, gaining the ability to read files, modify data, or disrupt processes on the underlying host. A patched-image rebuild at version 149.0.7827.103 is available on HarborGuard for affected environments.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle Chrome on Linux base layers.
AvailableHarborGuard scores this finding at CVSS 8.3 (High) and weights it against each environment's compliance policy to determine urgency and routing, directing alerts to the appropriate team inbox within each customer organization.
AvailableA patched-image rebuild at Chrome 149.0.7827.103 becomes available on HarborGuard as soon as the fix version is resolved. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite, and opens a PR against affected workloads automatically.
AvailableExploit Conditions
- Network reachabilityRequired
The attacker must reach the victim over the network by serving a crafted HTML page, making the service's network exposure a prerequisite.
- AuthenticationNot required
No account or credentials are needed to deliver the malicious page to the victim's browser.
- Victim interactionRequired
The victim must visit a crafted HTML page, meaning the attacker must use a social-engineering or drive-by delivery mechanism to lure the user.
- Attack complexityDetail
Exploitation is rated high complexity because the attacker must have already compromised the renderer process before attempting the sandbox escape, introducing a significant precondition.
Blast Radius
- A successful attacker escapes Chrome's sandbox and gains code execution in the context of the browser process on the Linux host.
- Confidentiality impact is high: the attacker can read files and data accessible to the browser process, including cached credentials or session tokens stored on disk.
- Integrity impact is high: the attacker can write or modify files and persistent data on the host outside the sandbox boundary.
- Availability impact is high: the attacker can crash or disrupt the browser process and potentially other processes accessible from the escaped sandbox context.
How HarborGuard Handles This
Available on HarborGuard: any image containing Google Chrome for Linux at a version below 149.0.7827.103 is flagged within minutes of CVE ingestion. A rebuilt image at the patched version 149.0.7827.103 is available for environments running an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, executes a regression run, and opens a PR against affected workloads; for high-severity issues, the median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the finding is routed to the designated team inbox with CVSS score, affected layer, and fix version attached for fast human review.
Fix available
- Google / Chrome< 149.0.7827.103 (from 149.0.7827.103)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H