PatchSiren cyber security CVE debrief
CVE-2026-12015 Google CVE debrief
CVE-2026-12015 is a use after free vulnerability in Autofill in Google Chrome prior to version 149.0.7827.115. This vulnerability allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. The Chromium security severity of this vulnerability is rated as High, and it has a CVSS score of 5.3, which is considered Medium severity.
- Vendor
- Product
- Chrome
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-13
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-13
Who should care
Users of Google Chrome prior to version 149.0.7827.115 should update to the latest version to mitigate this vulnerability. This vulnerability could allow an attacker to access sensitive information from the process memory.
Technical summary
The vulnerability is caused by a use after free issue in the Autofill component of Google Chrome. This occurs when the program attempts to use memory after it has been freed, which can lead to unpredictable behavior and potentially allow an attacker to access sensitive information.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.115 or later.
Evidence notes
This CVE record was obtained from the official CVE.org website and the NVD detail page.
Official resources
-
CVE-2026-12015 CVE record
CVE.org
-
CVE-2026-12015 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
[email protected] - Issue Tracking, Permissions Required
CVE-2026-12015 was published on 2026-06-11T22:16:54.047Z and modified on 2026-06-13T00:54:05.107Z.