Google — Chrome, Android & Chromium Security Issues 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は バッファオーバーフロー、vendor risk input validation, and パス処理の欠陥 に関連することが多く、vendor surface system components and vendor surface server deployment の文脈で vendor impact unexpected behavior and ファイル上書き などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-12035 | Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.8 | 0.19% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12034 | Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | [email protected] | 8.3 | 0.17% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12033 | Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | [email protected] | 5.3 | 0.17% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12032 | Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | [email protected] | 3.1 | 0.13% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12031 | Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.17% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12030 | Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.17% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12029 | Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.17% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12028 | Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.21% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12027 | Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 9.6 | 0.22% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12026 | Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | [email protected] | 6.5 | 0.17% | 2026-06-11 | 2026-06-15 |
| CVE-2026-12025 | Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | [email protected] | 5.3 | 0.22% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12024 | Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | [email protected] | 6.5 | 0.16% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12023 | Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.21% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12022 | Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | [email protected] | 8.3 | 0.06% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12020 | Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.8 | 0.22% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12019 | Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.23% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12018 | Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | [email protected] | 8.8 | 0.16% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12017 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | [email protected] | 3.1 | 0.18% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12016 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.22% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12015 | Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | [email protected] | 5.3 | 0.20% | 2026-06-11 | 2026-06-13 |