Severity: HIGH | CVE-2026-12437 | CNA: Chrome

CVE-2026-12437: Use after free in WebShare in Google Chrome on Windows prior to 149

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Metrics

  • CVSS v3.1: 8.3
  • Severity: HIGH
  • Fixed in: 149.0.7827.155
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A use-after-free vulnerability in the WebShare component of Google Chrome on Windows allows a remote attacker who has already compromised the renderer process to escape the browser sandbox via a crafted HTML page. The attack requires network reachability and no authentication, but it does need the victim to interact with a malicious page, and exploitation is complicated by the need to first control the renderer process. Successful exploitation gives an attacker code execution outside the Chrome sandbox, effectively gaining full access to the underlying host system. A patched-image rebuild at version 149.0.7827.155 is available on HarborGuard for environments running an affected version of Chrome.

HarborGuard Coverage

Detection

Detection of CVE-2026-12437 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer container images, including custom-built images that bundle a Chrome or Chromium runtime. Any image shipping a Chrome version below 149.0.7827.155 on Windows-based containers will surface as affected in the scan results.

Status: Available

Triage

HarborGuard scores this CVE at 8.3 HIGH (CVSS v3.1) and is capable of weighting that score against each customer environment's compliance policy to determine urgency and priority. Triage findings are routable to the appropriate team inbox within each customer organization based on per-environment policy configuration.

Status: Available

Patch

A patched-image rebuild pinned to Chrome 149.0.7827.155 becomes available on HarborGuard for any environment found running an affected version. For customers who opt into auto-remediation, HarborGuard rebuilds the image, runs a regression test suite, and opens a pull request against affected workloads automatically; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker must deliver a crafted HTML page to the victim over the network, requiring the ability to reach the victim's browser session from a remote origin.

  • Authentication: Not required

    No account or credential is needed; the attacker only needs the victim to visit a page the attacker controls.

  • Victim interaction: Required

    The victim must visit or be socially engineered into loading the crafted HTML page in an affected version of Chrome on Windows.

  • Attack complexity: Detail

    Exploitation is high-complexity because the attacker must have already compromised the Chrome renderer process before the use-after-free can be leveraged for a sandbox escape.

Blast Radius

  • An attacker escapes the Chrome sandbox and executes arbitrary code in the context of the host Windows process, outside browser protections.
  • Files, credentials, and secrets accessible to the Windows user running Chrome become readable by the attacker.
  • The attacker can write to or modify files and registry state on the host, including dropping persistent malware.
  • The host process and any dependent services can be crashed or destabilized, causing service disruption for the affected user session.

How HarborGuard Handles This

Available on HarborGuard: this CVE is matched against customer images at ingestion time, so any container image bundling Chrome below 149.0.7827.155 on Windows is flagged immediately. Where compliance policy permits, a rebuilt image at the fixed version is made available and, for customers who opt into auto-remediation, HarborGuard triggers a full rebuild, runs regression tests, and opens a pull request against affected workloads. Given the HIGH severity and the sandbox-escape capability this vulnerability enables, treating this as urgent is warranted for any environment that ships a Chrome runtime in a container. Customers who cannot immediately rebuild are advised to apply network-policy controls that restrict which origins container workloads can load, and to consider feature-flag gating on the WebShare API surface until the patched image is deployed.


Fix available

149.0.7827.155

Affected packages

  • Google / Chrome
    < 149.0.7827.155 (from 149.0.7827.155)

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H