CVE-2026-12458
LOWDescription
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| chrome | |
| apple | macos |
| linux | linux_kernel |
| microsoft | windows |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2026-12458? +
How severe is CVE-2026-12458? +
What products are affected by CVE-2026-12458? +
How do I check if I'm vulnerable to CVE-2026-12458? +
Related Vulnerabilities
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened …
User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the …
User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened …
Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141.
HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's …
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into …