CVE-2026-11157EPSS p2.2%
CVE-2026-11157CVE-2026-11157
google / chrome
Description
Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)
Scoring
| CVSS | 5.4 () |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| EPSS | 0.12% probability of exploitation · percentile 2.2% · 2026-06-18T12:00:27Z |
| Last modified | 2026-06-08 |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.