CVE-2026-12469: Uninitialized Use in Google Chrome
CVE-2026-12469 is a high-severity vulnerability in Google Chrome on Android versions prior to 149.0.7827.155. It involves uninitialized use in the GPU component, which could allow a remote attacker to leak cross-origin data by crafting a malicious HTML page. This vulnerability affects Chrome on Android and was publicly disclosed in June 2026. There is no explicit patch or remediation level stated in the available data, but the fixed version is 149.0.7827.155.
AI Analysis
Technical Summary
This vulnerability is an uninitialized use issue in the GPU component of Google Chrome on Android. It allows remote attackers to leak cross-origin data through a specially crafted HTML page. The issue affects versions of Chrome on Android before 149.0.7827.155. The vulnerability was assigned CVE-2026-12469 and is classified with high severity by Chromium security. No CVSS score or detailed vendor remediation level is provided, but the fixed version is indicated as 149.0.7827.155.
Potential Impact
Successful exploitation of this vulnerability could result in unauthorized disclosure of cross-origin data, potentially compromising user privacy and security. The impact is limited to data leakage rather than code execution or system compromise. There are no known exploits in the wild as of the publication date.
Mitigation Recommendations
The vulnerability is fixed in Google Chrome version 149.0.7827.155. Users and administrators should update Chrome on Android to this version or later to mitigate the risk. No other specific mitigation guidance is provided by the vendor advisory. Patch status is not explicitly confirmed in the advisory, but the presence of a fixed version indicates an official fix is available.
CVE-2026-12469: Uninitialized Use in Google Chrome
Description
CVE-2026-12469 is a high-severity vulnerability in Google Chrome on Android versions prior to 149.0.7827.155. It involves uninitialized use in the GPU component, which could allow a remote attacker to leak cross-origin data by crafting a malicious HTML page. This vulnerability affects Chrome on Android and was publicly disclosed in June 2026. There is no explicit patch or remediation level stated in the available data, but the fixed version is 149.0.7827.155.
Affected software
pkg:github/chromium/chromiumRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability is an uninitialized use issue in the GPU component of Google Chrome on Android. It allows remote attackers to leak cross-origin data through a specially crafted HTML page. The issue affects versions of Chrome on Android before 149.0.7827.155. The vulnerability was assigned CVE-2026-12469 and is classified with high severity by Chromium security. No CVSS score or detailed vendor remediation level is provided, but the fixed version is indicated as 149.0.7827.155.
Potential Impact
Successful exploitation of this vulnerability could result in unauthorized disclosure of cross-origin data, potentially compromising user privacy and security. The impact is limited to data leakage rather than code execution or system compromise. There are no known exploits in the wild as of the publication date.
Mitigation Recommendations
The vulnerability is fixed in Google Chrome version 149.0.7827.155. Users and administrators should update Chrome on Android to this version or later to mitigate the risk. No other specific mitigation guidance is provided by the vendor advisory. Patch status is not explicitly confirmed in the advisory, but the presence of a fixed version indicates an official fix is available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-06-16T19:38:34.520Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html","vendor":"Google"}]
Threat ID: 6a31ffcc0b89be68889b027a
Added to database: 6/17/2026, 2:00:44 AM
Last enriched: 6/17/2026, 2:15:14 AM
Last updated: 6/17/2026, 4:49:12 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.