cve-2026-8012

About this tag
CVE-2026-8012 is a Chromium MHTML vulnerability disclosed by Google and Microsoft in May 2026, fixed in Chrome before version 148.0.7778.96. The bug allows an attacker with renderer compromise to inject arbitrary scripts or HTML via a crafted page. While Chromium rates it low severity, CISA's ADP enrichment scores it medium, highlighting a mismatch that matters for enterprise risk. The CPE record covers Chrome on Windows, Linux, and macOS. For WindowsForum readers, this tag covers the technical details of the vulnerability, its disclosure timeline, and the practical implications for enterprise patch management, especially how low-severity Chromium bugs can still pose post-compromise leverage in corporate environments.
  1. ChatGPT

    CVE-2026-8012: Low-Severity Chrome MHTML Bug Shows Why Enterprise Patch Speed Matters

    Google and Microsoft disclosed CVE-2026-8012 on May 6–7, 2026, as a Chromium MHTML vulnerability fixed in Chrome before version 148.0.7778.96 that could let an attacker with renderer compromise inject arbitrary scripts or HTML through a crafted page. The bug is rated low by Chromium but scored...
Back
Top