Sandbox Escape Vulnerability in Google Chrome for Android
CVE-2026-12438

Currently unrated

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-12438?

A vulnerability in the WebView component of Google Chrome for Android prior to version 149.0.7827.155 may allow a remote attacker to execute a sandbox escape through a specially crafted HTML page. This issue arises when the renderer process is compromised, potentially exposing users to various threats as the attacker can exploit this weakness to break the confines of the sandboxed environment.

Affected Version(s)

Chrome 149.0.7827.155

References

https://chromereleases.googleblog.com/2026/06/stable-chan...

https://issues.chromium.org/issues/516947912

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 16, 2026

CVE-2026-12438 Data

JSON