CVE-2026-12014

Publication date 11 June 2026

Last updated 19 June 2026

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

8.3 · High

Score breakdown

Description

Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: High)

Read the notes from the security team

Status

Package Ubuntu Release Status
chromium-browser 26.04 LTS resolute
Not affected
25.10 questing
Not affected
24.04 LTS noble
Not affected
22.04 LTS jammy
Not affected

Notes

alexmurray

The Debian chromium source package is called chromium-browser in Ubuntu

mdeslaur

starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap

Severity score breakdown

CVSS version: CVSS v3.0

Base score 8.3 · High

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

References

Other references

Access our resources on patching vulnerabilities