Cross-Origin Data Leakage in Google Chrome by Google
CVE-2026-12458

Currently unrated

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-12458?

A vulnerability in Google Chrome prior to version 149.0.7827.155 enables a remote attacker to exploit weaknesses in the browser's handling of UI gestures. By crafting a malicious HTML page, an attacker can persuade users to interact with the page in a specific manner, potentially leaking sensitive cross-origin data. This flaw highlights the importance of secure UI design to prevent unauthorized data access.

Affected Version(s)

Chrome 149.0.7827.155

References

https://chromereleases.googleblog.com/2026/06/stable-chan...

https://issues.chromium.org/issues/517258337

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 16, 2026

CVE-2026-12458 Data

JSON