CVE-2026-12032
LowCVSS 3.1Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
Inappropriate implementation in Passwords in Google Chrome on Android prior to version 149.0.7827.115 allowed a remote attacker who compromised the renderer process to bypass site isolation via a crafted HTML page.
Risk Assessment
An attacker could gain access to user data by bypassing site isolation security, posing a serious threat to user privacy and security.
Recommendation
It is recommended to update Google Chrome on Android to the latest version to mitigate this vulnerability and enhance browser security.
Original NVD description (English source)
Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

