Skip to main content

Google Chrome EUVD-2026-36340

| CVE-2026-12019 HIGH
Out-of-bounds Write (CWE-787)
2026-06-11 Chrome GHSA-pr7p-m797-x6pj
Google Memory Corruption Buffer Overflow
8.3
CVSS 3.1 · Vendor: Chrome
Share

Severity by source

Vendor (Chrome) PRIMARY
8.3 HIGH
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
8.3 HIGH

Network-delivered via crafted page (AV:N, UI:R); AC:H because exploitation requires a chained prior renderer compromise and reliable heap grooming; PR:N as no Chrome auth is needed; scope change and full CIA on sandbox escape.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Chrome).

CVSS VectorVendor: Chrome

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 12, 2026 - 02:25 vuln.today
CVSS changed
Jun 12, 2026 - 02:22 NVD
8.3 (HIGH)
CVSS changed
Jun 12, 2026 - 02:22 NVD
8.3 (HIGH)
CVE Published
Jun 11, 2026 - 20:48 cve.org
HIGH 8.3
CVE Published
Jun 11, 2026 - 20:48 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Sandbox escape in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a heap buffer overflow in the Codecs component triggered by a crafted HTML page. Google rates the underlying issue as High severity and a vendor patch is available, but no public exploit is identified at time of analysis and the bug is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure user to crafted page
Delivery
Compromise renderer via separate bug
Exploit
Trigger heap overflow in codec parsing
Execution
Corrupt sandbox IPC structures
Persist
Escape to browser process
Impact
Execute code outside sandbox
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) a Linux or ChromeOS host running Chrome older than 149.0.7827.115, (2) an attacker who has already compromised the renderer process via a separate vulnerability - the CVE description states this prerequisite explicitly, so this bug is a sandbox-escape primitive rather than initial code execution, (3) the victim must visit a crafted HTML page (UI:R), and (4) the attacker must reliably hit the codec-parsing code path with attacker-controlled data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H produces an 8.3 (High) and accurately captures that exploitation needs both user interaction (visiting a crafted page) and high attack complexity, but yields a scope change with full CIA impact once chained. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker lures a Linux or ChromeOS user to a crafted HTML page (for example via phishing or a malvertising redirect) that first exploits an unrelated renderer-side bug to gain code execution inside the sandboxed renderer, then triggers the Codecs heap buffer overflow to corrupt memory at the sandbox boundary and escape into the more privileged browser process. No public exploit identified at time of analysis, and the AC:H/UI:R requirements make this most plausible as part of a targeted, multi-bug chain rather than mass exploitation.
Remediation Vendor-released patch: update Google Chrome on Linux and ChromeOS to 149.0.7827.115 or later as described in the Stable Channel update at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html, and on managed ChromeOS fleets ensure devices have rebooted to apply the platform update. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

24 hours: Inventory all Chrome and ChromeOS instances in your organization and document current versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-36340 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy