PatchSiren cyber security CVE debrief
CVE-2026-12018 Google CVE debrief
CVE-2026-12018 is a High-severity vulnerability in Google Chrome on Windows, allowing local attackers to perform OS-level privilege escalation via a malicious file. The vulnerability is caused by an inappropriate implementation in Mojo and was patched in version 149.0.7827.115.
- Vendor: Google
- Product: Chrome
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-12
Who should care
Users of Google Chrome on Windows, particularly those concerned with OS-level security and privilege escalation attacks.
Technical summary
The vulnerability, CVE-2026-12018, has a CVSS score of 8.8 and is classified as High-severity. It affects Google Chrome on Windows prior to version 149.0.7827.115. The vulnerability is caused by an inappropriate implementation in Mojo, which can be exploited by a local attacker to perform OS-level privilege escalation via a malicious file.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.115 or later.
- Ensure that all users of Google Chrome on Windows are aware of the vulnerability and the importance of updating to the patched version.
Evidence notes
The vulnerability was published on CVE.org on 2026-06-11T22:16:54.373Z and modified on 2026-06-12T20:51:12.190Z. The CVE record can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-12018).
Official resources
- CVE-2026-12018 CVE record (CVE.org)
- CVE-2026-12018 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: [email protected] - Issue Tracking, Permissions Required
CVE-2026-12018 was published on 2026-06-11T22:16:54.373Z and modified on 2026-06-12T20:51:12.190Z.