What is the CVSS score of CVE-2026-12010?

CVE-2026-12010 has a CVSS 3.1 base score of 8.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Google Chrome are affected by CVE-2026-12010?

A sandbox escape vulnerability in Google Chrome on Android prior to version 149.0.7827.115 could allow attackers to escalate browser compromise into full device control.. A patch is available.

How to fix or mitigate CVE-2026-12010?

Within 24 hours: Identify all Android devices running Chrome and assess current version distribution against Chrome 149.0.7827.115. Within 7 days: Execute deployment of Chrome 149.0.7827.115 or later to all Android endpoints. Within 30 days: Complete patch deployment verification and audit device inventory for ongoing compliance.

Google Chrome CVE-2026-12010

EUVD-2026-36331 HIGH

Heap-based Buffer Overflow (CWE-122)

2026-06-11 Chrome

GHSA-7mrw-37c7-gw8p

Heap Overflow Google Buffer Overflow

8.3

CVSS 3.1 · Vendor: Chrome

Severity by source

Vendor (Chrome) PRIMARY

8.3 HIGH

AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

vuln.today AI

8.3 HIGH

Network-delivered via crafted page (AV:N, UI:R); AC:H because a prior renderer compromise is required; PR:N as no auth needed; S:C and C/I/A:H reflect sandbox escape to GPU process.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

4.0 AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (Chrome).

CVSS VectorVendor: Chrome

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 12, 2026 - 02:23 vuln.today

CVSS changed

Jun 12, 2026 - 02:22 NVD

8.3 (HIGH)

CVSS changed

Jun 12, 2026 - 02:22 NVD

8.3 (HIGH)

CVE Published

Jun 11, 2026 - 20:48 cve.org

HIGH 8.3

CVE Published

Jun 11, 2026 - 20:48 cve.org

UNKNOWN (no severity yet)

DescriptionCVE.org

Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

AnalysisAI

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a heap buffer overflow in the GPU process. Chromium rates this severity Critical, and while no public exploit identified at time of analysis, the bug is part of a classic two-stage exploitation chain typically used in browser zero-day exploits. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Lure user to crafted page

Delivery

Exploit prior renderer bug for RCE in sandbox

Exploit

Issue malicious GPU IPC commands

Execution

Trigger heap overflow in GPU process

Persist

Escape renderer sandbox

Impact

Execute code at GPU-process privilege

Access

Lure user to crafted page

Delivery

Exploit prior renderer bug for RCE in sandbox

Exploit

Issue malicious GPU IPC commands

Execution

Trigger heap overflow in GPU process

Persist

Escape renderer sandbox

Impact

Execute code at GPU-process privilege

Vulnerability AssessmentAI

Exploitation	Exploitation requires (1) Chrome for Android at a version below 149.0.7827.115, (2) the attacker already holding code execution inside the renderer process - typically achieved via a chained renderer bug, since the GPU heap overflow is not reachable from ordinary JavaScript or unprivileged web content alone, and (3) user interaction to load a crafted HTML page in the vulnerable Chrome instance. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 3.1 vector AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H yields 8.3 (High), driven by the scope change (sandbox escape) and full CIA impact, tempered by High attack complexity (requires a prior renderer compromise) and required user interaction (visiting a crafted page). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A targeted user on Android with an unpatched Chrome is lured to a malicious page that first exploits an unrelated renderer bug to gain code execution inside the sandboxed renderer, then sends crafted GPU commands that trigger the heap overflow in the GPU process to escape the sandbox and run code with GPU-process privileges. From there the attacker can pivot further into the Android OS via GPU-driver bugs, enabling spyware-style implant deployment. …
Remediation	Vendor-released patch: Chrome 149.0.7827.115 - update Chrome for Android to 149.0.7827.115 or later via Google Play, which is the only durable fix. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Android devices running Chrome and assess current version distribution against Chrome 149.0.7827.115. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-12010 vulnerability details – vuln.today

Back

Google Chrome CVE-2026-12010

Severity by source

CVSS VectorVendor: Chrome

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code