PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12458 Google CVE debrief

A High-severity vulnerability, CVE-2026-12458, was found in Google Chrome's Passwords feature. This issue, caused by inappropriate implementation, allows a remote attacker to leak cross-origin data via a crafted HTML page by convincing a user to engage in specific UI gestures. The vulnerability has a High severity rating and a CVSS score of 3.1. The Chromium security severity of this issue is rated as High. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N. This vulnerability affects Google Chrome prior to version 149.0.7827.155.

Vendor
Google
Product
Chrome
CVSS
LOW 3.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Users of Google Chrome prior to version 149.0.7827.155 should update to the latest version to mitigate this vulnerability. Additionally, security teams and IT administrators responsible for managing Chrome installations within their organizations should prioritize this update. They should review the official advisory and consider implementing compensating controls until the update can be applied.

Technical summary

The vulnerability, tracked as CVE-2026-12458, is caused by inappropriate implementation in the Passwords feature of Google Chrome. Specifically, it allows a remote attacker who can convince a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. The Chromium security severity of this issue is rated as High. The CVSS score for this vulnerability is 3.1, with the vector being CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N. This vulnerability affects Google Chrome prior to version 149.0.7827.155.

Defensive priority

This vulnerability has a High severity rating and a CVSS score of 3.1. Given its potential impact, it is recommended that affected systems be patched as soon as possible. Security teams should prioritize this update and consider implementing additional monitoring or compensating controls until the update can be applied.

Recommended defensive actions

  • Update Google Chrome to version 149.0.7827.155 or later
  • Ensure all users of Google Chrome within the organization are aware of the need to update their browsers
  • Consider implementing additional monitoring or compensating controls until the update can be applied
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

The CVE record was published on 2026-06-17T13:20:02.560Z and was last modified on 2026-06-17T15:20:47.327Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability has been assessed as High severity by the Chromium security team. The CVSS score is 3.1, indicating a relatively low impact. However, the High severity rating suggests that the vulnerability could still have significant consequences if exploited. Defenders should verify the affected scope and review the official advisory for mitigation guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:20:02.560Z and has not been modified since then. The NVD entry is currently Analyzed.