CVE-2026-12026
Description
Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
How to fix CVE-2026-12026
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/chromium—no fix listed
Is CVE-2026-12026 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-12026.
Affected packages (1)
- from 0