CVE-2026-12010: Heap buffer overflow in GPU in Google Chrome on Android prior to 149
Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Metrics
- CVSS v3.1: 8.3
- Severity: HIGH
- Fixed in: 149.0.7827.115
- Affected Products: 1
HarborGuard Analysis
Synopsis
A heap buffer overflow in the GPU component of Google Chrome for Android allows a remote attacker who has already compromised the renderer process to escape the browser sandbox. The vulnerability is reachable over the network, requires no authentication, but does require the victim to visit a crafted HTML page, and the attacker must already control the renderer process, making this a high-complexity exploit chain. Successful exploitation grants the attacker full control beyond the sandbox boundary, enabling arbitrary code execution, data theft, and tampering on the affected device. A patched-image rebuild at version 149.0.7827.115 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-12010 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication from upstream feeds, including custom-built images that bundle Chrome for Android. Any image containing a Chrome version below 149.0.7827.115 is flagged automatically in both registry scans and CI/CD pipeline checks.
HarborGuard scores this vulnerability at CVSS 8.3 (High) using the published v3.1 vector and applies per-environment compliance policy weighting to prioritize routing. Findings are surfaced to the appropriate team inbox within each customer organization based on configured ownership rules.
A patched-image rebuild pinned to Chrome 149.0.7827.115 becomes available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker delivers the crafted HTML page over the network, requiring the victim's device to be reachable via a browser session initiated from a remote origin.
- Authentication: Not required
No account, credential, or session token is needed; the attack is launched from an unauthenticated remote origin against any visiting user.
- Victim interaction: Required
The victim must navigate to or be redirected to a crafted HTML page, making social engineering or a malicious ad/link a necessary step in the attack chain.
- Attack complexity: High
Attack complexity is high because the attacker must have already compromised the renderer process as a precondition before the GPU overflow can be used to escape the sandbox.
Blast Radius
- Attacker escapes the Chrome sandbox boundary and gains code execution in the broader Android process context outside the renderer jail.
- Confidential data accessible to the Chrome process, including stored credentials, session cookies, and browsing history, becomes readable to the attacker.
- The attacker can write or modify data within the scope of the compromised process, including cached files and application storage.
- The affected Chrome process and dependent services can be crashed or destabilized, causing denial of service for the browser session.
How HarborGuard Handles This
Available on HarborGuard: any container image bundling Google Chrome for Android below version 149.0.7827.115 is matched against this CVE within minutes of the advisory entering upstream feeds. HarborGuard scores the finding at CVSS 8.3 High and routes it according to each environment's compliance policy and ownership configuration. Where compliance policy permits, a patched rebuild at 149.0.7827.115 is queued automatically; for customers who opt into auto-remediation, the median time from CVE publication to a merged patch PR for high-severity issues is around 90 minutes, covering the rebuild, regression run, and pull request opened against affected workloads. Given the sandbox-escape nature of this vulnerability and its high-complexity but high-impact profile, immediate upgrade to 149.0.7827.115 is the primary control; teams that cannot upgrade immediately should consider restricting or disabling the affected Chrome-based component at the network-policy layer until the patched image is promoted.
Fix available
- Google / Chrome: < 149.0.7827.115 (fixed in 149.0.7827.115)
CVSS v3.1 vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H