CVE Catalog

CVE-2026-11157

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Summary

In Google Chrome prior to version 149.0.7827.53, there was a script injection vulnerability in the accessibility feature. An attacker could convince a user to install a malicious extension, allowing the injection of arbitrary scripts or HTML.

Risk Assessment

This vulnerability poses a risk to users who may be exposed to malicious actions after installing unsafe extensions. It could lead to data theft or system compromise.

Recommendation

It is recommended to update Google Chrome to the latest version to mitigate this vulnerability. Users should also avoid installing unknown or suspicious extensions.

Original NVD description (English source)

Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS