CVE Catalog

CVE-2026-12026

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

An out-of-bounds read vulnerability in the Video component of Google Chrome on ChromeOS prior to version 149.0.7827.115 allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

Risk Assessment

The risk involves potential leakage of sensitive data from browser memory, such as passwords, tokens, or encryption keys, which could expose the organization to identity theft or further attacks.

Recommendation

It is recommended to immediately update Google Chrome on ChromeOS to version 149.0.7827.115 or later to mitigate the vulnerability.

Original NVD description (English source)

Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS