CVE-2026-12013

⚠️ high

Summary

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS Score

8.8

High

EPSS Score

0.2

Exploit Probability

Published Date

2026-06-11

First Seen: 2026-06-12

📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 81.1% of all 328,009 vulnerabilities in our database.

#62,016

Top 25% most severe

Severity Percentile

Last Modified 2026-06-12

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-416

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
google	chrome	Affected	< 149.0.7827.115

🔗 References 2

https://chromereleases.googleblog.com/2026/06/stable...

Vendor Advisory

https://issues.chromium.org/issues/514229805

Issue Tracking Permissions Required

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-12007	⚠️ high	8.8	0.3	Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrar...	2026-06-11
CVE-2026-12008	⚠️ high	8.3	0.2	Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromi...	2026-06-11
CVE-2026-12009	⚠️ high	8.3	0.2	Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a re...	2026-06-11
CVE-2026-12010	⚠️ high	8.3	0.2	Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compro...	2026-06-11
CVE-2026-12011	⚠️ high	8.3	0.2	Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromi...	2026-06-11
CVE-2026-12012	⚠️ high	8.1	0.2	Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position ...	2026-06-11

These CVEs affect the same products