CVE-2026-12446: Insufficient data validation in Google Chrome
CVE-2026-12446 is a vulnerability in Google Chrome's password management prior to version 149.0.7827.155. It involves insufficient data validation that allows a remote attacker to leak cross-origin data through a crafted HTML page. The issue was classified with high security severity by the Chromium project. No CVSS score is provided, and no explicit patch or remediation level is stated in the available data. The vendor advisory link points to a Chrome stable channel update announcement but does not explicitly confirm patch status for this vulnerability.
AI Analysis
Technical Summary
This vulnerability in Google Chrome affects versions prior to 149.0.7827.155 and stems from improper data validation in the password management component. It enables a remote attacker to leak data across origins by exploiting crafted HTML content. The Chromium security team has rated this issue as high severity. The vendor advisory is available but does not explicitly detail the remediation status or patch availability for this specific CVE. No known exploits in the wild have been reported.
Potential Impact
The vulnerability allows remote attackers to bypass same-origin data protections, potentially exposing sensitive cross-origin data via crafted HTML pages. This could lead to unauthorized disclosure of user credentials or other confidential information managed by Chrome's password system. No confirmed exploitation in the wild has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html for current remediation guidance. Until official confirmation of a fix is available, users should update to the latest Chrome version once it is released. No additional vendor-recommended mitigations are provided in the advisory.
CVE-2026-12446: Insufficient data validation in Google Chrome
Description
CVE-2026-12446 is a vulnerability in Google Chrome's password management prior to version 149.0.7827.155. It involves insufficient data validation that allows a remote attacker to leak cross-origin data through a crafted HTML page. The issue was classified with high security severity by the Chromium project. No CVSS score is provided, and no explicit patch or remediation level is stated in the available data. The vendor advisory link points to a Chrome stable channel update announcement but does not explicitly confirm patch status for this vulnerability.
Affected software
pkg:github/chromium/chromiumRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Google Chrome affects versions prior to 149.0.7827.155 and stems from improper data validation in the password management component. It enables a remote attacker to leak data across origins by exploiting crafted HTML content. The Chromium security team has rated this issue as high severity. The vendor advisory is available but does not explicitly detail the remediation status or patch availability for this specific CVE. No known exploits in the wild have been reported.
Potential Impact
The vulnerability allows remote attackers to bypass same-origin data protections, potentially exposing sensitive cross-origin data via crafted HTML pages. This could lead to unauthorized disclosure of user credentials or other confidential information managed by Chrome's password system. No confirmed exploitation in the wild has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html for current remediation guidance. Until official confirmation of a fix is available, users should update to the latest Chrome version once it is released. No additional vendor-recommended mitigations are provided in the advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-06-16T19:38:26.416Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html","vendor":"Google"}]
Threat ID: 6a31ffc60b89be68889b0187
Added to database: 6/17/2026, 2:00:38 AM
Last enriched: 6/17/2026, 2:17:05 AM
Last updated: 6/17/2026, 5:12:05 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.