PatchSiren cyber security CVE debrief
CVE-2026-12457 Google CVE debrief
A high-severity vulnerability was discovered in Google Chrome's Extensions, allowing remote attackers to bypass site isolation via a crafted HTML page. This issue is caused by inappropriate implementation in Extensions. The vulnerability has a CVSS score of 4.2 and is classified as MEDIUM severity. It was reported and patched prior to the publication of this CVE. The vulnerability impacts users of Google Chrome prior to version 149.0.7827.155, particularly those in enterprise environments and individual users who rely on Chrome for browsing. Administrators should prioritize updating Chrome to the latest version to mitigate potential risks.
- Vendor
- Product
- Chrome
- CVSS
- MEDIUM 4.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Users of Google Chrome prior to version 149.0.7827.155 should update to the latest version to mitigate this vulnerability. This includes administrators and users of Chrome in enterprise environments, as well as individual users who rely on Chrome for browsing. IT teams should verify the versions of Chrome in use and ensure that all instances are updated. Additionally, security teams should monitor for any suspicious activity related to this vulnerability.
Technical summary
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. The vulnerability has a CVSS score of 4.2 and is classified as MEDIUM severity. This issue affects Google Chrome's Extensions, enabling an attacker to bypass site isolation, a critical security feature. Users of Google Chrome should ensure they are running version 149.0.7827.155 or later to mitigate this vulnerability.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.155 or later
- Ensure that site isolation is enabled in Google Chrome
- Monitor for suspicious activity in Google Chrome
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-06-17T13:20:02.417Z and has not been modified since then. The NVD entry is currently Analyzed. This information is based on the CVE.org and NVD sources. The vulnerability affects Google Chrome prior to version 149.0.7827.155. Users should verify their versions and update as necessary. The CVE details are sourced from official databases and vendor advisories, providing a reliable basis for assessing and mitigating this vulnerability.
Official resources
-
CVE-2026-12457 CVE record
CVE.org
-
CVE-2026-12457 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
[email protected] - Permissions Required
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:20:02.417Z and has not been modified since then.