—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Google Chrome for Desktop

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Google Chrome versions prior to 149.0.7827.155 for Linux

Google Chrome versions prior to 149.0.7827.155/156 for Windows and Mac

Overview

Multiple vulnerabilities have been reported in Google Chrome which could allow a remote attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, perform spoofing attacks or cause denial of service (DoS) conditions on the targeted system.

Target Audience:

All end-user organizations and individuals using Google Chrome for Desktop.

Risk Assessment:

High risk of remote code execution, unauthorized access to sensitive data, memory corruption and security bypass.

Impact Assessment:

Potential for system compromise, sensitive information disclosure, privilege escalation or service disruption.

Description

Google Chrome is a popular internet browser used for accessing information on the World Wide Web. It is designed for use on desktop systems including Windows, macOS and Linux.

Multiple vulnerabilities exist in Google Chrome due to Use after free in WebShare, Digital Credentials, File Input, Passwords, Web Authentication, Extensions, Chromoting, Downloads, Tab Strip, Media and Browser; Heap buffer overflow in WebRTC; Out of bounds read in Chromoting and WebRTC; Insufficient data validation in Passwords and Extensions; Insufficient validation of untrusted input in Input, Extensions and Metrics; Insufficient policy enforcement in File System Access; Inappropriate implementation in WebView, Media, Serial, Views and Updater; Incorrect security UI in Passwords; Race condition in Safe Browsing; and Uninitialized Use in GPU. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions or cause denial of service (DoS) conditions on the targeted system.

Solution

Apply appropriate updates as mentioned as mentioned by the Vendor:

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html

Vendor Information

Google Chrome

https://chromereleases.googleblog.com/

References

 

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html

CVE Name

CVE-2026-12437

CVE-2026-12438

CVE-2026-12439

CVE-2026-12440

CVE-2026-12441

CVE-2026-12442

CVE-2026-12443

CVE-2026-12444

CVE-2026-12445

CVE-2026-12446

CVE-2026-12447

CVE-2026-12448

CVE-2026-12449

CVE-2026-12450

CVE-2026-12451

CVE-2026-12452

CVE-2026-12453

CVE-2026-12454

CVE-2026-12455

CVE-2026-12456

CVE-2026-12457

CVE-2026-12458

CVE-2026-12459

CVE-2026-12460

CVE-2026-12461

CVE-2026-12462

CVE-2026-12463

CVE-2026-12464

CVE-2026-12465

CVE-2026-12466

CVE-2026-12467

CVE-2026-12468

CVE-2026-12469

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmo7vs0ACgkQ3jCgcSdc

ys982Q//ULUfMziz7ejpaTJAal1BFiWp6qdKwYUdCY5dndX1r2ivZyEkpZeHzhJV

z97tzZ9CW875MhkmP1ZYxksNjc+UHzr5Elht9reD/RFER+QHq+IyyU7ioaI/Nx0X

nkAO83gqs06vTocA8hHWRLCNZZlXPnyzzXv3BpA7E38sxMGKgnLya741hBk0gh/c

mNbfFeK1BfuCjrsvENTgQJ53rp8k29V/IwiLUdp4KwJWnFdOjZ6wbRdYLtcXNsP9

7wSFoNE+gm7A0alg/2H6Aa4pnVp/jOMkizHT5HTOPHiuaT4XAt9sJd1ZHPMoUbFy

snF3vs4gKwXmRRSYxOcrCG9imuWFEIkA2zUSPqbjcMWCVuqLCtfndHlMEdBHpBnn

+f7Xmk/uI7whzE26+CbptzNt1t6n6Sni8eLsPDJmaxU/1wUaaRNOY3sRt9zEFxMI

N5T+tMmpUdCwe8OV1+b/fepsl3Cvy2uUH9YfosG9W8pqyI4nQoWzpPLopVy+gOpT

1zxM3oZwy/+fZ8D9evT1++Mjpr+IG+Kfg55ywtGGBxCaUNAAtZPlKOj5ED6cVocL

ZSAnEqiEiTYpOJ1tf9RWOiky/h2h1WYx1giBpldVFr25LDulSxTiqsCipxdwBOGo

PUGvd6MqLTQYdwMPrX/VbQzIhziSQPYvWiPRZ2KjWwCXo8riyeo=

=I1a6

—–END PGP SIGNATURE—–