PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12446 Google CVE debrief

CVE-2026-12446 is a high-severity vulnerability in Google Chrome's Passwords implementation. The issue allowed a remote attacker to leak cross-origin data via a crafted HTML page. Google Chrome versions prior to 149.0.7827.155 are affected. This vulnerability has significant implications for users who handle sensitive information or require high security standards. The vulnerability's high severity rating indicates that it could have a substantial impact on affected systems. Defenders should prioritize patching this vulnerability to prevent potential exploitation.

Vendor
Google
Product
Chrome
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

This vulnerability affects users of Google Chrome, particularly those who handle sensitive information or require high security standards. Users who prioritize security and handle sensitive data should update their browsers immediately. IT administrators should also review their systems and ensure that all Google Chrome instances are updated to the latest version. Furthermore, users should be cautious when clicking on links or providing sensitive information online to minimize the risk of exploitation.

Technical summary

The vulnerability is caused by an inappropriate implementation in Google Chrome's Passwords feature. This allows remote attackers to leak cross-origin data by exploiting the vulnerability via a crafted HTML page. The Chromium security severity of this issue is High. The vulnerability affects Google Chrome versions prior to 149.0.7827.155. Defenders should focus on updating Google Chrome to the latest version to mitigate this vulnerability. Additionally, implementing security measures such as two-factor authentication can help reduce the risk associated with this vulnerability.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.155 or later
  • Review and monitor browser extensions for potential security risks
  • Implement additional security measures, such as two-factor authentication
  • Verify browser version and update if necessary
  • Review CVE record and NVD entry for vulnerability details
  • Monitor for potential exploitation attempts

Evidence notes

The CVE record was published on 2026-06-17T13:19:59.907Z and was last modified on 2026-06-18T13:46:49.697Z. The NVD entry is currently Analyzed. This information is crucial for defenders to understand the vulnerability's context and potential impact. The vulnerability affects Google Chrome versions prior to 149.0.7827.155. Users should verify their browser versions and update accordingly. The CVE record provides essential details about the vulnerability, including its severity and potential exploitation. Defenders should review the CVE record and NVD entry to understand the vulnerability's scope and potential impact on their systems.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:19:59.907Z and has not been modified since then. The NVD entry is currently Analyzed.