Skip to main content

Google Chrome EUVDEUVD-2026-36347

| CVE-2026-12027 CRITICAL
Execution with Unnecessary Privileges (CWE-250)
2026-06-11 Chrome GHSA-88g6-23mm-rpg4
9.6
CVSS 3.1 · Vendor: Chrome
Share

Severity by source

Vendor (Chrome) PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
8.3 HIGH

Network-delivered HTML with user interaction, but requires a prior renderer compromise to reach the bug, so AC:H; successful escape changes scope and yields high C/I/A in the browser process.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
SUSE
CRITICAL
qualitative
Red Hat
8.3 HIGH
qualitative

Primary rating from Vendor (Chrome).

CVSS VectorVendor: Chrome

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 12, 2026 - 15:22 vuln.today
CVSS changed
Jun 12, 2026 - 15:22 NVD
9.6 (CRITICAL)
CVE Published
Jun 11, 2026 - 20:48 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 11, 2026 - 20:48 cve.org
CRITICAL 9.6

DescriptionCVE.org

Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Sandbox escape in Google Chrome prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the Headless component sandbox via a crafted HTML page. The flaw is rated High severity by Chromium and carries CVSS 9.6 due to scope change and user interaction, though EPSS remains very low (0.03%) and there is no public exploit identified at time of analysis. A vendor patch is available in the stable channel update published June 2026.

Technical ContextAI

Headless mode in Chromium (cpe:2.3:a:google:chrome) is the runtime used for automation, printing, and PDF generation, and runs renderer logic in a sandboxed child process. The root cause class (CWE-250: Execution with Unnecessary Privileges) indicates that the Headless component performed an operation with broader privileges than required, providing a path for an already-compromised renderer to cross the sandbox boundary. Because Chromium's sandbox is the last line of defense against a malicious page that has corrupted the renderer, weakening that boundary effectively turns an in-renderer bug into full browser-process code execution.

RemediationAI

Vendor-released patch: update Google Chrome to 149.0.7827.115 or later on the stable channel as documented at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html, and verify enterprise auto-update policies (chrome://settings/help) are not blocking rollout. For fleets using Headless Chrome for automation, CI, or server-side PDF rendering, prioritize updating those images because Headless is the specifically impacted component; pin to the patched version in container base images. As an interim compensating control where patching is delayed, avoid running Headless Chrome against untrusted HTML inputs and isolate Headless workers in a separate OS-level sandbox (e.g., gVisor, seccomp, or a disposable VM), accepting the trade-off of added latency and operational complexity.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

EUVD-2026-36347 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy