Google Chrome Headless Sandbox Escape (CVE-2026-12027)

critical-cve-against-dependency · active

A vulnerability in the Headless component of Google Chrome before version 149.0.7827.115 could allow a remote attacker who has already compromised the renderer process to escape the browser sandbox via a crafted HTML page. Users should update Chrome to the latest stable release.

Affected packages

Sources

• ghsahttps://github.com/advisories/GHSA-88g6-23mm-rpg4
• nvdhttps://nvd.nist.gov/vuln/detail/CVE-2026-12027
• google-searchhttps://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html
• google-searchhttps://issues.chromium.org/issues/517517155