PatchSiren cyber security CVE debrief
CVE-2026-12019 Google CVE debrief
CVE-2026-12019 is a High-severity vulnerability in Google Chrome's Codecs component. A remote attacker who has compromised the renderer process can exploit this heap buffer overflow vulnerability via a crafted HTML page to potentially perform a sandbox escape.
- Vendor: Google
- Product: Chrome
- CVSS: HIGH 8.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-13
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-13
Who should care
Users of Google Chrome on Linux and ChromeOS, particularly those with versions prior to 149.0.7827.115, should apply the update to mitigate this vulnerability.
Technical summary
The vulnerability, tracked as CVE-2026-12019, is a heap buffer overflow in the Codecs component of Google Chrome. It affects Google Chrome on Linux and ChromeOS prior to version 149.0.7827.115. An attacker who has compromised the renderer process can exploit this vulnerability via a crafted HTML page to potentially escape the sandbox.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.115 or later.
- Ensure that ChromeOS is up to date.
Evidence notes
The CVE-2026-12019 vulnerability has a CVSS score of 8.3 and is considered High severity. It was published on June 11, 2026, and modified on June 13, 2026.
Official resources
- CVE-2026-12019 CVE record (CVE.org)
- CVE-2026-12019 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: Vendor Advisory
- Source reference: Issue Tracking, Permissions Required
CVE-2026-12019 was published on 2026-06-11T22:16:54.477Z and modified on 2026-06-13T00:45:25.580Z.