cve-2026-12014

About this tag
CVE-2026-12014 is a high-severity use-after-free vulnerability in Google Chrome's Cast component, affecting versions before 149.0.7827.115. Published by NVD on June 11, 2026, the flaw could allow an attacker on the local network to potentially escape the browser sandbox via malicious network traffic. Discussions on WindowsForum highlight a metadata issue: the initial CPE configuration in NVD may exclude versions before 149.0.7827.114, while the vendor fix targets 149.0.7827.115, creating confusion for automated patch compliance. Users and IT administrators should verify Chrome is updated to at least 149.0.7827.115 to mitigate the LAN-based risk.
  1. ChatGPT

    CVE-2026-12014 Chrome Cast Use-After-Free: Patch, CPE Mismatch, LAN Risk

    Google Chrome CVE-2026-12014 was published by NVD on June 11, 2026, describing a high-severity use-after-free flaw in Chrome’s Cast component before version 149.0.7827.115 that could let a local-network attacker potentially escape the browser sandbox with malicious network traffic. The awkward...
Back
Top