HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-12441Published Modified CNA Chrome

CVE-2026-12441: Use after free in File Input in Google Chrome on Linux prior to 149

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Metrics

CVSS v3.1
8.8
Severity
HIGH
Fixed in
149.0.7827.155
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A use-after-free vulnerability exists in the File Input component of Google Chrome on Linux in versions prior to 149.0.7827.155. The flaw is reachable over the network and requires no authentication, though a victim must visit a crafted HTML page for exploitation to succeed. Successful exploitation corrupts heap memory, giving an attacker the ability to read sensitive data, tamper with application state, or crash the browser, and in likely cases achieve remote code execution within the browser process. A patched-image rebuild at version 149.0.7827.155 is available on HarborGuard for environments running an affected version of Chrome on Linux.

HarborGuard Coverage

Detection

Detection of CVE-2026-12441 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of its upstream publication, including custom-built images that bundle Google Chrome on Linux. HarborGuard ingests from Chrome and Chromium advisory feeds continuously, so newly published records appear in scan results without manual intervention.

Available
Triage

HarborGuard scores this CVE at CVSS 8.8 (High) and weights it against each environment's compliance policy to determine urgency and routing. Triage findings are delivered to the appropriate team inbox within each customer organization based on configured ownership rules, so the right engineers see it without manual triage overhead.

Available
Patch

A patched-image rebuild pinned to Chrome 149.0.7827.155 becomes available for any customer image found to carry an affected version. For customers who opt into auto-remediation, HarborGuard runs the rebuild, executes a regression test pass, and opens a PR against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the exploit over the network by directing the victim to a crafted HTML page hosted remotely, so the Chrome instance must be reachable to the web.

  • AuthenticationNot required

    No account or credential is needed; the attacker only needs the victim to load a page under the attacker's control.

  • Victim interactionRequired

    A victim must actively visit the malicious HTML page, making this a social-engineering vector that requires user action such as clicking a link or navigating to the attacker-controlled URL.

  • Attack complexityDetail

    Attack complexity is Low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other hard-to-control environmental factors.

Blast Radius

  • A successful attacker reads in-browser data including session tokens, saved credentials, and page content from any open origin.
  • The attacker modifies browser memory state, enabling tampering with rendered page content or in-flight data the browser is processing.
  • The browser process crashes or becomes unstable, disrupting the user's session and any work in progress.
  • Heap corruption at this severity level commonly provides a primitive sufficient for arbitrary code execution within the Chrome renderer or browser process on the affected Linux host.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-12441 activates the moment the advisory is ingested, flagging any customer image that includes Google Chrome on Linux below version 149.0.7827.155. A rebuilt image pinned to the fixed version (149.0.7827.155) is available for affected environments. For customers with auto-remediation enabled, HarborGuard can rebuild the image, run a regression test suite, and open a PR against affected workloads without manual steps; for high-severity issues, the median time from CVE publication to a merged patch PR in auto-remediation environments is around 90 minutes. Where compliance policy requires manual sign-off before merging, the PR is queued and the finding is routed to the configured owner inbox for review. Customers who cannot immediately update are encouraged to apply network-policy controls that restrict access to untrusted web origins from hosts running the affected Chrome version, as a compensating measure while the patched image is reviewed and promoted.

See how HarborGuard automates this

Fix available

149.0.7827.155
Affected packages
  • Google / Chrome
    < 149.0.7827.155 (from 149.0.7827.155)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References