CVE-2026-12456

MEDIUM apple, google, linux, microsoft chrome, linux_kernel, macos, windows NVD

CVSS Score 4.2

Severity MEDIUM

Published Jun 17, 2026

Vendor apple, google, linux, microsoft

Description

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)

Vendor Advisories

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html

References

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html
https://issues.chromium.org/issues/517124587