CVE-2026-12451 Google CVE debrief

Who should care

This vulnerability affects users of Google Chrome, particularly those who browse the web and may encounter crafted HTML pages. Organizations that use Google Chrome in their environments should prioritize patching to prevent potential sandbox escapes.

Technical summary

The vulnerability is a use after free issue in the DigitalCredentials component of Google Chrome. This occurs when the browser's memory management system improperly handles memory after it has been freed, allowing an attacker to potentially execute arbitrary code. The issue is rated as High severity by Chromium and has a CVSS score of 8.3. The vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H, indicating a network attack vector with high complexity and no privileges required.

Defensive priority

High

Recommended defensive actions

• Update Google Chrome to version 149.0.7827.155 or later
• Ensure all users of Google Chrome in the organization are updated to the latest version
• Monitor Google Chrome for any suspicious activity or potential sandbox escapes
• Implement additional security measures such as sandboxing and isolation
• Regularly review and update browser extensions and plugins
• Use a web application firewall to detect and prevent potential attacks
• Educate users on safe browsing practices and the importance of keeping software up-to-date

Evidence notes

The information provided is based on the official CVE record and NVD details. The CVE was published on 2026-06-17 and modified on 2026-06-18. The vulnerability is rated as High severity by Chromium and has a CVSS score of 8.3.

Official resources