CVE-2026-12026
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
An out-of-bounds read vulnerability in the Video component of Google Chrome on ChromeOS prior to version 149.0.7827.115 allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
Risk Assessment
The risk involves potential leakage of sensitive data from browser memory, such as passwords, tokens, or encryption keys, which could expose the organization to identity theft or further attacks.
Recommendation
It is recommended to immediately update Google Chrome on ChromeOS to version 149.0.7827.115 or later to mitigate the vulnerability.
Original NVD description (English source)
Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

