PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12442 Google CVE debrief

CVE-2026-12442 is a use-after-free vulnerability in the Passwords feature of Google Chrome on Android, rated Critical by the Chromium security team. The CVE was published on June 17, 2026, and updated on June 18, 2026. It has a CVSS score of 8.8 (High) and can be exploited via a crafted HTML page, allowing a remote attacker to execute arbitrary code. The issue was addressed in Chrome version 149.0.7827.155. Users should update Chrome to the latest version to mitigate this vulnerability.

Vendor: Google
Product: Chrome
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-18
Advisory published: 2026-06-17
Advisory updated: 2026-06-18

Who should care

Android users of Google Chrome, particularly those who access sensitive information through the browser, should be aware of this vulnerability and update their browser to the latest version. IT administrators and security teams should also prioritize patching this vulnerability in their organization's Chrome deployments.

Technical summary

CVE-2026-12442 is a use-after-free issue in the Passwords feature of Google Chrome on Android. A use-after-free occurs when a program accesses memory that has already been freed; if an attacker can influence what occupies that memory, the result can be arbitrary code execution. The vulnerability is rated Critical by the Chromium security team and has a CVSS score of 8.8, indicating high severity. The attack vector is network-based, and the vulnerability can be exploited without user interaction.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome on Android to version 149.0.7827.155 or later
  • Ensure that Chrome's auto-update feature is enabled
  • Use a web application firewall (WAF) to detect and block suspicious traffic
  • Implement a vulnerability management program to keep software up to date
  • Use a secure browser extension to block malicious scripts
  • Limit access to sensitive information and use multi-factor authentication
  • Monitor browser logs for suspicious activity
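
To verify the first action across a fleet, the sketch below (an added example, not part of the original debrief or any Google tooling) classifies devices against the fixed version 149.0.7827.155 by parsing the versionName line from `adb shell dumpsys package com.android.chrome` output. The device names and captured output are constructed, and taking the first versionName entry as the installed version is an assumption.

```python
import re

FIXED_BUILD = "149.0.7827.155"  # fixed Chrome version named in this debrief


def parse_version(text):
    """Return a tuple of four ints for 'a.b.c.d', or None if malformed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def version_from_dumpsys(output):
    """Return the first versionName value in dumpsys output, or None.

    Assumption: the first versionName entry is the installed, active package.
    """
    m = re.search(r"^\s*versionName=(\S+)", output, re.MULTILINE)
    return m.group(1) if m else None


def classify(output, fixed=FIXED_BUILD):
    """Classify one device as 'patched', 'needs_update' or 'unknown'."""
    name = version_from_dumpsys(output)
    version = parse_version(name) if name else None
    if version is None:
        return "unknown"  # Chrome absent or unparseable: follow up manually
    # Tuples compare numerically, so build 99 sorts below build 155.
    return "patched" if version >= parse_version(fixed) else "needs_update"


def audit(inventory):
    """Map each device name to its classification."""
    return {device: classify(out) for device, out in inventory.items()}


# Constructed sample output; device names are hypothetical.
SAMPLE_INVENTORY = {
    "phone-01": "    versionCode=1 minSdk=29\n    versionName=149.0.7827.155\n",
    "phone-02": "    versionName=149.0.7827.99\n",  # string compare gets this wrong
    "tablet-03": "    versionName=148.0.7000.200\n",
    "kiosk-04": "Unable to find package: com.android.chrome\n",
}

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Comparing versions as strings would mark 149.0.7827.99 as newer than 149.0.7827.155, which is why each component is converted to an integer first.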

Evidence notes

The information provided is based on the CVE record and NVD details. The CVE record was published on June 17, 2026, and modified on June 18, 2026. The vulnerability was reported to have a high CVSS score of 8.8 and is considered critical by the Chromium security team.
