PatchSiren

CVE-2026-12444 Google CVE debrief

CVE-2026-12444 is a High-severity vulnerability in Google Chrome's Chromoting feature on Windows. It allows a local attacker to obtain potentially sensitive information from process memory via a malicious file. The vulnerability has a CVSS score of 5.5, which falls in the Medium band. Google Chrome versions prior to 149.0.7827.155 are affected. Users should update to the latest version to mitigate this vulnerability. This vulnerability was published on June 17, 2026, and has not been associated with any ransomware campaigns.

Vendor: Google
Product: Chrome
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

Users of Google Chrome on Windows, particularly those in environments where local attackers may have access to the system, should be aware of this vulnerability and update to the latest version of Chrome to mitigate the risk.

Technical summary

The vulnerability is an out-of-bounds read in the Chromoting feature of Google Chrome on Windows. This feature allows users to access remote desktops. The vulnerability can be exploited by a local attacker using a malicious file, potentially leading to the disclosure of sensitive information from process memory. The Common Vulnerability Scoring System (CVSS) score is 5.5, indicating a Medium severity level. The Common Weakness Enumeration (CWE) associated with this vulnerability is CWE-125, which refers to 'Out-of-bounds Read'.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.155 or later.
  • Ensure that all users of Google Chrome on Windows are aware of the need for this update.
  • Implement measures to prevent local attackers from accessing the system.
  • Regularly review and update software to prevent exploitation of known vulnerabilities.
  • Consider implementing additional security measures such as sandboxing or application whitelisting.
  • Monitor system logs for potential exploitation attempts.
  • Educate users on the risks associated with opening malicious files.
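
One way to verify the first action on a Windows host, as an added example that is not code from PatchSiren or Google: the script reads the version stamped into each chrome.exe and compares it with the fixed build named above. The install paths are the usual defaults and the new_chrome.exe staging check is an assumption about Chrome's Windows updater; the per-user path covers only the account running the script.

```powershell
# Added example (not PatchSiren or Google code): local check against the fixed build.
$Fixed = [version]'149.0.7827.155'   # fixed version stated in this debrief

# Assumed default install roots: per-machine (64/32-bit) and per-user.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA) |
    Where-Object { $_ }

$results = foreach ($root in $roots) {
    $appDir = Join-Path $root 'Google\Chrome\Application'
    $exe    = Join-Path $appDir 'chrome.exe'
    if (-not (Test-Path -LiteralPath $exe)) { continue }

    # ProductVersion comes from the binary itself, not from a registry value.
    $raw = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
    $installed = $null
    $status = if (-not [version]::TryParse($raw, [ref]$installed)) {
        'UNKNOWN'        # unparsable version string: review by hand
    } elseif ($installed -lt $Fixed) {
        'VULNERABLE'
    } else {
        'PATCHED'
    }

    [pscustomobject]@{
        Path            = $exe
        Installed       = $raw
        Status          = $status
        # Assumption: a staged update waits as new_chrome.exe until Chrome relaunches.
        RelaunchPending = Test-Path -LiteralPath (Join-Path $appDir 'new_chrome.exe')
    }
}

if (-not $results) {
    Write-Output 'No Chrome installation found in the default locations.'
    exit 0
}

$results | Format-Table -AutoSize

# Non-zero exit lets management tooling flag hosts that still need the update.
if ($results | Where-Object { $_.Status -ne 'PATCHED' }) { exit 1 }
exit 0
```

A host reported as VULNERABLE with RelaunchPending set to True has the update downloaded but is still running the old binary until Chrome is restarted.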

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and the Chrome Releases blog. The CVE record and NVD detail pages provide official information about the vulnerability, including its CVSS score and CWE classification. Additional details can be found in the Chrome Releases blog post and the Chromium issue tracker.

Official resources

CVE-2026-12444 was published on June 17, 2026, and modified on the same day.