Remote Code Execution Vulnerability in Google Chrome Extensions
CVE-2026-12457

Currently unrated

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-12457?

A significant flaw in Google Chrome prior to version 149.0.7827.155 was identified in the handling of Extensions. This vulnerability enabled a remote attacker, who successfully compromised the renderer process, to bypass the site isolation feature through the use of a specially crafted HTML page. This exploitation compromises the security model of Chrome by allowing unauthorized access to content across origins.

Affected Version(s)

Chrome 149.0.7827.155

References

https://chromereleases.googleblog.com/2026/06/stable-chan...

https://issues.chromium.org/issues/517153117

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 16, 2026

CVE-2026-12457 Data

JSON