CVE-2026-12464: Use after free in Browser in Google Chrome prior to 149
Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Metrics
- CVSS v3.1: 8.3
- Severity: HIGH
- Fixed in: 149.0.7827.155
- Affected Products: 1
HarborGuard Analysis
Synopsis
A use-after-free vulnerability in the Browser component of Google Chrome (versions prior to 149.0.7827.155) allows a remote attacker who has already compromised the renderer process to escape the browser sandbox. The attacker reaches the vulnerable code over the network and must trick the victim into opening a crafted HTML page, but no authentication is required. Successful exploitation gives the attacker code execution outside the sandbox, effectively breaking Chrome's primary isolation boundary. A patched-image rebuild at 149.0.7827.155 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-12464 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Chrome or Chromium. Any image carrying a Chrome version below 149.0.7827.155 will surface as affected in the pipeline scan results.
HarborGuard scores this CVE at CVSS 8.3 (High) and weights it against each environment's compliance policy to determine urgency and routing. Findings are delivered to the appropriate team inbox within each customer org based on configured ownership rules, so the right engineers see the alert without manual triage.
A patched-image rebuild pinned to Chrome 149.0.7827.155 becomes available through HarborGuard once the fix version is confirmed. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker delivers the exploit over the network by directing the victim to a crafted HTML page, so the Chrome instance must be able to load remote content.
- Authentication: Not required
No authentication or account credentials are needed; the attacker only needs the victim to open a malicious page.
- Victim interaction: Required
The victim must actively open or be redirected to a crafted HTML page, making social engineering (phishing link, malicious ad, etc.) a prerequisite.
- Attack complexity: Detail
Attack complexity is High because the attacker must first compromise the renderer process before leveraging this bug for a sandbox escape, which is a meaningful prerequisite step.
Blast Radius
- The attacker breaks out of the Chrome sandbox, gaining code execution in the context of the browser process on the victim's host.
- With sandbox escape, the attacker can read files, credentials, and session data accessible to the browser process outside the sandbox boundary.
- The attacker can write or modify files on the host filesystem and persist malicious code beyond the browser session.
- The attacker can crash or otherwise disrupt the browser process and any dependent services running under the same user account.
How HarborGuard Handles This
Available on HarborGuard: images containing Chrome below 149.0.7827.155 are flagged automatically as each registry and pipeline is scanned, with no manual configuration required to pick up this CVE. A rebuilt image at the fixed version (149.0.7827.155) is available for affected environments, and for customers who opt into auto-remediation, HarborGuard triggers the rebuild, runs regression tests, and opens a pull request against affected workloads. For high-severity CVEs like this one, the median time from publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy or deployment constraints prevent auto-remediation, HarborGuard surfaces the finding with full CVSS context and fix-version detail so engineers can act manually. Given that exploitation requires a pre-compromised renderer, teams should also review network policies that restrict Chrome-based workloads from loading arbitrary external content, as an additional compensating control while rollouts are in progress.
Fix available
- Google / Chrome < 149.0.7827.155 (from 149.0.7827.155)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H