CVE-2026-11668

Analyzed Analyzed - Analysis Complete

Uninitialized Use in Codecs in Google Chrome

Publication date: 2026-06-09

Last updated on: 2026-06-10

Assigner: Chrome

Description

Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. (Chromium security severity: High)

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-10

Generated

2026-06-29

AI Q&A

2026-06-09

EPSS Evaluated

2026-06-28

NVD

CVE-2026-11668

EUVD

EUVD-2026-35268

Affected Vendors & Products

Vendor	Product	Version / Range
google	chrome	to 149.0.7827.102 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-457	The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

Attack-Flow Graph

Executive Summary

This vulnerability is an uninitialized use issue in codecs within Google Chrome on Linux and ChromeOS versions prior to 149.0.7827.103. It allows a remote attacker to leak cross-origin data by using a specially crafted video file.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of data from different origins, potentially exposing sensitive information to remote attackers through crafted video files.

Compliance Impact

This vulnerability allows a remote attacker to leak cross-origin data via a crafted video file, which could potentially expose sensitive information.

Such data leakage may impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access or disclosure.

However, specific impacts on compliance depend on the nature of the leaked data and the context in which the vulnerability is exploited.

Hi! I’m here to help you understand CVE-2026-11668. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70