PatchSiren cyber security CVE debrief
CVE-2026-12026 Google CVE debrief
CVE-2026-12026 is an out of bounds read vulnerability in Video in Google Chrome on ChromeOS prior to 149.0.7827.115. A remote attacker who had compromised the renderer process could obtain potentially sensitive information from process memory via a crafted HTML page. The Chromium security severity is rated as High.
- Vendor
- Product
- Chrome
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-12
Who should care
Users of Google Chrome on ChromeOS prior to version 149.0.7827.115 should update to the latest version to mitigate this vulnerability.
Technical summary
The vulnerability is caused by an out of bounds read in the Video component of Google Chrome on ChromeOS. This allows a remote attacker who has compromised the renderer process to access potentially sensitive information from process memory.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome on ChromeOS to version 149.0.7827.115 or later.
Evidence notes
Evidence for this CVE comes from official sources, including the CVE.org record and the NVD detail page.
Official resources
CVE-2026-12026 was published on 2026-06-11T22:16:55.147Z and modified on 2026-06-12T13:08:47.310Z.