PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12031 Google CVE debrief

CVE-2026-12031 is a High-severity vulnerability in Google Chrome on Windows. The vulnerability is caused by an inappropriate implementation in Views, which could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The CVSS score for this vulnerability is 8.3, indicating a High severity.

Vendor
Google
Product
Chrome
CVSS
HIGH 8.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-11
Original CVE updated
2026-06-12
Advisory published
2026-06-11
Advisory updated
2026-06-12

Who should care

Users of Google Chrome on Windows prior to version 149.0.7827.115 should update to the latest version to mitigate this vulnerability. This vulnerability was publicly disclosed on 2026-06-11T22:16:55.677Z and was modified on 2026-06-12T18:05:24.940Z.

Technical summary

The vulnerability is caused by an inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115. This could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.115 or later.
  • Refer to [ref-4](https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html) for vendor advisory.

Evidence notes

Evidence for this CVE comes from the official CVE record [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-12031) and the National Vulnerability Database [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-12031).

Official resources

CVE-2026-12031 was publicly disclosed on 2026-06-11T22:16:55.677Z and was modified on 2026-06-12T18:05:24.940Z.