Insufficient Policy Enforcement Issue in Google Chrome
CVE-2026-12460

Currently unrated

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-12460?

A vulnerability in Google Chrome's File System Access feature has been identified, which allows a remote attacker to exploit insufficient policy enforcement. This occurs when an attacker, who has compromised the renderer process, can bypass site isolation mechanisms using a specially crafted PDF file. This could potentially lead to unauthorized access to sensitive data or manipulation of the web application environment.

Affected Version(s)

Chrome 149.0.7827.155

References

https://chromereleases.googleblog.com/2026/06/stable-chan...

https://issues.chromium.org/issues/517484284

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 16, 2026

CVE-2026-12460 Data

JSON