CVE-2026-12448: Inappropriate implementation in Google Chrome
A vulnerability in the WebView component of Google Chrome on Android prior to version 149.0.7827.155 allows a remote attacker to escalate privileges via a crafted HTML page. This issue is classified with high severity by Chromium security. The vulnerability affects Chrome on Android and is addressed in version 149.0.7827.155.
AI Analysis
Technical Summary
CVE-2026-12448 is a high-severity vulnerability in the WebView implementation of Google Chrome on Android devices. The flaw allows a remote attacker to perform privilege escalation by delivering a specially crafted HTML page. The vulnerability affects versions of Chrome on Android prior to 149.0.7827.155. The vendor has published an advisory indicating a stable channel update that addresses this issue.
Potential Impact
Successful exploitation of this vulnerability could allow a remote attacker to escalate privileges on an affected Android device through a crafted HTML page, potentially leading to unauthorized actions or access beyond the intended security boundaries of the WebView component.
Mitigation Recommendations
Users should update Google Chrome on Android to version 149.0.7827.155 or later, where this vulnerability is fixed. The vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html provides official update information. No alternative mitigations are indicated.
Affected software
pkg:github/chromium/chromium
Technical Details
- Data Version: 5.2
- Assigner Short Name: Chrome
- Date Reserved: 2026-06-16T19:38:27.131Z
- Cvss Version: null
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory Urls: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html (vendor: Google)
Threat ID: 6a31ffc60b89be68889b018f
Added to database: 6/17/2026, 2:00:38 AM
Last enriched: 6/17/2026, 2:16:57 AM
Last updated: 6/17/2026, 5:51:10 AM