PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12447 Google CVE debrief

CVE-2026-12447 is a high-severity vulnerability in Google Chrome's WebRTC component. A remote attacker can exploit this heap buffer overflow by crafting a malicious HTML page, allowing them to execute arbitrary code within a sandbox environment. This vulnerability was publicly disclosed on June 17, 2026, and the Chrome browser was updated to version 149.0.7827.155 to address the issue. Users should update their Chrome browsers to the latest version to mitigate this risk. The CVSS score for this vulnerability is 8.8, indicating a high level of severity. Organizations should prioritize patching this vulnerability to prevent potential attacks.

Vendor: Google
Product: Chrome
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-18
Advisory published: 2026-06-17
Advisory updated: 2026-06-18

Who should care

Users of Google Chrome, particularly those who use the browser for sensitive activities or in high-risk environments, should be aware of this vulnerability and take steps to mitigate it. IT administrators and security teams should prioritize patching this vulnerability to prevent potential attacks.

Technical summary

The CVE-2026-12447 vulnerability is a heap buffer overflow in the WebRTC component of Google Chrome. This occurs when the browser fails to properly handle a crafted HTML page, allowing a remote attacker to execute arbitrary code within a sandbox environment. The vulnerability has a CVSS score of 8.8 and is considered high-severity. The Chrome browser was updated to version 149.0.7827.155 to address this issue.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.155 or later
  • Use the latest version of Google Chrome
  • Avoid using outdated or unpatched versions of Google Chrome
  • Implement additional security measures, such as sandboxing and network segmentation
  • Monitor for suspicious activity and potential attacks
  • Keep software and systems up-to-date with the latest security patches
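
To act on the first recommendation across a fleet, the added example below (not part of the original debrief) checks reported Chrome version strings against the fixed build 149.0.7827.155 named above. The tab-separated inventory format, hostnames and sample versions are constructed assumptions; version parts are compared numerically, because a plain string comparison would rank 149.0.7827.99 above 149.0.7827.155.

```python
import re

# Fixed build as stated in this debrief.
FIXED_VERSION = "149.0.7827.155"

# Chrome versions have four dot-separated numeric parts.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text, fixed=FIXED_VERSION):
    """Classify a reported version string as 'patched', 'outdated' or 'unknown'."""
    found = parse_version(version_text)
    if found is None:
        return "unknown"  # no parsable version: needs manual follow-up
    return "patched" if found >= parse_version(fixed) else "outdated"


def audit(inventory_lines):
    """Map host -> status from 'host<TAB>version output' lines (assumed format)."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, reported = line.partition("\t")
        results[host] = classify(reported)
    return results


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    "# host\tversion output",
    "ws-001\tGoogle Chrome 149.0.7827.155",
    "ws-002\tGoogle Chrome 149.0.7827.99",
    "ws-003\tGoogle Chrome 150.0.7900.10 beta",
    "ws-004\tGoogle Chrome 148.0.7778.200",
    "ws-005\tcommand not found",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" should be treated as unverified rather than patched.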

Evidence notes

The CVE-2026-12447 vulnerability was publicly disclosed on June 17, 2026, and the Chrome browser was updated to version 149.0.7827.155 to address the issue. The CVSS score for this vulnerability is 8.8, indicating a high level of severity. The vulnerability is a heap buffer overflow in the WebRTC component of Google Chrome.

Official resources

CVE-2026-12447 was publicly disclosed on June 17, 2026.