Skip to main content

Google Chrome EUVDEUVD-2026-36351

| CVE-2026-12031 HIGH
Protection Mechanism Failure (CWE-693)
2026-06-11 Chrome GHSA-w2mw-j4jj-c949
8.3
CVSS 3.1 · Vendor: Chrome
Share

Severity by source

Vendor (Chrome) PRIMARY
8.3 HIGH
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
8.3 HIGH

Network-delivered HTML, but AC:H and UI:R because exploitation requires a pre-existing renderer compromise and user navigation; PR:N as no browser auth is needed; S:C and C/I/A:H reflect the sandbox escape into the browser process.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
SUSE
CRITICAL
qualitative
Red Hat
8.3 HIGH
qualitative

Primary rating from Vendor (Chrome).

CVSS VectorVendor: Chrome

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 12, 2026 - 02:26 vuln.today
CVSS changed
Jun 12, 2026 - 02:22 NVD
8.3 (HIGH)
CVE Published
Jun 11, 2026 - 20:48 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 11, 2026 - 20:48 cve.org
HIGH 8.3

DescriptionCVE.org

Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page abusing the Views UI framework. Chromium rates the severity High, and no public exploit is identified at time of analysis, but sandbox-escape primitives are routinely chained with renderer RCE bugs into full browser compromise on Windows endpoints.

Technical ContextAI

The flaw lives in Chromium's Views framework, the cross-platform C++ UI toolkit that Chrome uses on Windows for native windows, menus, and dialogs and that runs inside the privileged browser process. CWE-693 (Protection Mechanism Failure) indicates the Views implementation does not correctly enforce a security boundary - specifically, the renderer-to-browser process boundary that the Chromium sandbox is designed to maintain. Because Views code is reachable from renderer-originated IPC, an inappropriate implementation there lets a compromised low-privileged renderer issue UI-related requests that the browser process mishandles, yielding code execution outside the sandbox. CPE data confirms google:chrome is the affected product, and the issue is Windows-specific per the description.

RemediationAI

Vendor-released patch: Google Chrome 149.0.7827.115 (Stable channel) on Windows - upgrade all Windows Chrome installs to 149.0.7827.115 or later via the Chrome Stable channel update referenced at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html, and restart the browser to apply. For managed fleets, push the update via Chrome Browser Enterprise / Google Update / WSUS-equivalent tooling and verify with chrome://settings/help. There is no in-product configuration toggle that disables the Views subsystem, so meaningful workarounds are limited; compensating controls until patched include enforcing site isolation (already default), blocking untrusted external browsing through web proxy categorization or restricting browsing to known-good sites on high-value Windows hosts, and pairing with EDR rules that alert on chrome.exe browser-process spawning unusual child processes - with the trade-off of false positives on legitimate Chrome features such as PDF print and native messaging hosts.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

EUVD-2026-36351 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy