PatchSiren

CVE-2026-12441 Google CVE debrief

A critical vulnerability, CVE-2026-12441, was discovered in Google Chrome's File Input component on Linux systems. This use-after-free vulnerability, rated as Critical by Chromium, allows remote attackers to potentially exploit heap corruption via a crafted HTML page. The vulnerability has a CVSS score of 8.8, indicating a high severity. Google Chrome users on Linux systems should prioritize updating to version 149.0.7827.155 or later to mitigate this risk. This vulnerability was publicly disclosed on June 17, 2026, and the CVE record was last modified on June 18, 2026.

Vendor: Google
Product: Chrome
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-18
Advisory published: 2026-06-17
Advisory updated: 2026-06-18

Who should care

Linux users of Google Chrome, particularly those who browse the web on untrusted sites or open HTML pages from untrusted sources, should be aware of this vulnerability. IT administrators responsible for managing Chrome deployments in Linux environments should prioritize patching to prevent potential exploitation.

Technical summary

CVE-2026-12441 is a use-after-free vulnerability in the File Input component of Google Chrome on Linux. It occurs when the browser accesses memory that has already been freed, which can lead to heap corruption. An attacker could exploit it with a crafted HTML page that potentially corrupts the heap when opened in Chrome. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope. This indicates a high severity with the potential for high impact on confidentiality, integrity, and availability.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.155 or later on Linux systems.
  • Ensure that all users of Google Chrome on Linux systems are aware of the need to update their browsers.
  • Implement a patch management process to ensure timely updates of Google Chrome and other critical software.
  • Consider implementing a web application firewall (WAF) to detect and block malicious HTML pages.
  • Educate users on safe browsing practices, such as avoiding suspicious links and only opening HTML pages from trusted sources.
  • Monitor browser logs for potential exploitation attempts.
  • Consider implementing a vulnerability management program to stay informed about potential vulnerabilities in Google Chrome and other software.
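
To support the first action above, the following added example (not code from Google, the NVD, or this page's sources) compares a Chrome version string against the fixed version 149.0.7827.155. The binary names google-chrome and google-chrome-stable and the "Google Chrome <version>" output format of --version are assumptions about the host; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag Chrome builds older than the fixed version named above.
FIXED="149.0.7827.155"   # from the advisory text on this page

# Pull the four-part version out of `--version` output,
# e.g. "Google Chrome 149.0.7827.155 " -> "149.0.7827.155".
extract_version() {
    printf '%s\n' "$1" |
        sed -nE 's/^[^0-9]*([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*$/\1/p'
}

# Succeed if version $1 >= version $2. Fields are compared as integers,
# so 149.0.7827.1000 correctly sorts after 149.0.7827.155.
version_ge() {
    set -- $(printf '%s %s' "$1" "$2" | tr '.' ' ')
    [ "$#" -eq 8 ] || return 2
    for pair in "$1 $5" "$2 $6" "$3 $7" "$4 $8"; do
        set -- $pair
        [ "$1" -gt "$2" ] && return 0
        [ "$1" -lt "$2" ] && return 1
    done
    return 0
}

# Classify one line of `--version` output: PATCHED, VULNERABLE or UNKNOWN.
classify() {
    v=$(extract_version "$1")
    [ -n "$v" ] || { echo UNKNOWN; return 0; }
    if version_ge "$v" "$FIXED"; then echo PATCHED; else echo VULNERABLE; fi
}

# Check the Chrome binaries on this host (binary names are assumptions).
scan_local() {
    for bin in google-chrome google-chrome-stable; do
        command -v "$bin" >/dev/null 2>&1 || continue
        out=$("$bin" --version 2>/dev/null) || out=""
        printf '%s: %s (%s)\n' "$bin" "$(classify "$out")" "$out"
    done
}

# Constructed sample inputs first, then the real host.
for sample in "Google Chrome 149.0.7827.154 " "Google Chrome 149.0.7827.155 " "not installed"; do
    printf '%-32s %s\n' "$sample" "$(classify "$sample")"
done
scan_local
```

The check reports the version installed on disk; a browser session left open since before the update keeps running the old build until it is relaunched.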

Evidence notes

The CVE record for CVE-2026-12441 was obtained from the National Vulnerability Database (NVD) and was last modified on June 18, 2026. The vulnerability was publicly disclosed on June 17, 2026. The CVSS score and vector were provided by the NVD. Additional information was obtained from the Google Chrome release blog and Chromium issue tracker.

Official resources

Publicly disclosed on June 17, 2026.