CVE-2026-12453

MEDIUM apple, google, linux, microsoft chrome, linux_kernel, macos, windows NVD

CVSS Score 4.2

Severity MEDIUM

Published Jun 17, 2026

Vendor apple, google, linux, microsoft

Description

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Vendor Advisories

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html

References

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html
https://issues.chromium.org/issues/516448843