CVE-2026-12027
9.6 CRITICALInappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the rende...
Published: 2026-06-11 · Last updated: 2026-06-13
Severity and scoring
- CVSS
- 9.6 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- CWE
- CWE-250, CWE-693
Affected products
| Vendor | Product |
|---|---|
| chrome |
Description
Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-12035 — Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corrupt... (8.8 HIGH)
- CVE-2026-12034 — Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote at... (8.3 HIGH)
- CVE-2026-12033 — Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process... (5.3 MEDIUM)
- CVE-2026-12032 — Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromis... (3.1 LOW)
- CVE-2026-12031 — Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised t... (8.3 HIGH)
Same CWE
- CVE-2026-12214 — A security flaw has been discovered in Qihoo 360 Total Security 6.0 (7.8 HIGH)
- CVE-2026-47190 — IPAM is the IP address Manager for Cluster API Provider Metal3 (4.4 MEDIUM)
- CVE-2026-47209 — vm2 is an open source vm/sandbox for Node.js (8.6 HIGH)
- CVE-2026-47140 — vm2 is an open source vm/sandbox for Node.js (10.0 CRITICAL)
- CVE-2026-47139 — vm2 is an open source vm/sandbox for Node.js (8.6 HIGH)