HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-12030Published Modified CNA Chrome

CVE-2026-12030: Out of bounds write in GPU in Google Chrome on Android prior to 149

Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Metrics

CVSS v3.1
8.3
Severity
HIGH
Fixed in
149.0.7827.115
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An out-of-bounds write vulnerability in the GPU component of Google Chrome on Android affects all versions prior to 149.0.7827.115. The flaw is reachable over the network but requires the attacker to have already compromised the Chrome renderer process and to trick the user into visiting a crafted HTML page; it also carries high attack complexity due to the prerequisite renderer compromise. Successful exploitation enables a full sandbox escape, giving the attacker high-impact read, write, and availability control over the host beyond the Chrome sandbox. A patched-image rebuild at version 149.0.7827.115 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection of CVE-2026-12030 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built Android or Chrome-embedded container images, in all connected registries and CI/CD pipelines. Any image packaging a Chrome version below 149.0.7827.115 is flagged automatically.

Available
Triage

HarborGuard scores this CVE at CVSS 8.3 HIGH and weights it further against each environment's compliance policy, factoring in whether the affected images are internet-exposed or carry elevated trust designations. Triage findings are routed to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Available
Patch

A patched-image rebuild at Chrome 149.0.7827.115 becomes available on HarborGuard the moment the fix version is confirmed in upstream feeds. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the crafted HTML page over the network, so the target device must be reachable and the user must navigate to the attacker-controlled content.

  • AuthenticationNot required

    No account or credentials are required; the attack is launched from an unauthenticated remote position.

  • Victim interactionRequired

    The target user must visit a crafted HTML page, making this a social-engineering step the attacker must successfully execute.

  • Attack complexityDetail

    Attack complexity is high because exploitation depends on the attacker having already achieved a separate renderer process compromise before the out-of-bounds write can be used for a sandbox escape.

Blast Radius

  • The attacker breaks out of the Chrome sandbox, gaining execution context outside the browser's restricted process boundary.
  • With sandbox escape achieved, the attacker reads sensitive data stored on the Android device accessible to the Chrome process, including session tokens and cached credentials.
  • The attacker writes or modifies files and data on the host beyond what the sandbox normally permits.
  • The attacker gains the ability to crash or disrupt the affected Chrome process and potentially dependent services on the device.

How HarborGuard Handles This

Available on HarborGuard: CVE-2026-12030 is matched against all images in connected registries and pipelines within minutes of feed ingestion, covering any image that bundles Chrome or a Chrome-derived component below version 149.0.7827.115. Given the HIGH severity and CVSS score of 8.3, this CVE is prioritized in the triage queue and weighted against each environment's compliance policy before routing. A patched-image rebuild at 149.0.7827.115 is available as soon as the fix version is confirmed upstream. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a pull request against affected workloads; for environments where compliance policy requires manual approval, the rebuilt image and test results are staged and surfaced for reviewer action. Where compliance policy permits, the median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled.

See how HarborGuard automates this

Fix available

149.0.7827.115
Affected packages
  • Google / Chrome
    < 149.0.7827.115 (from 149.0.7827.115)
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
References