CVE-2026-12460

MEDIUM apple, google, linux, microsoft chrome, linux_kernel, macos, windows NVD

CVSS Score 4.2

Severity MEDIUM

Published Jun 17, 2026

Vendor apple, google, linux, microsoft

Description

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. (Chromium security severity: High)

Vendor Advisories

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html

References

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html
https://issues.chromium.org/issues/517484284