Description
Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-11
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw was discovered in the Autofill component of Google Chrome on macOS, affecting releases prior to 149.0.7827.115. The bug allows a crafted HTML page to trigger an invalid memory access that can corrupt heap data, which in turn can lead to arbitrary code execution if sufficient conditions are met.

Affected Systems

All users running Google Chrome on macOS with a version older than 149.0.7827.115 are impacted. The vulnerability resides solely in the Chrome browser’s autofill logic and does not affect other operating system components or browsers.

Risk and Exploitability

The flaw carries a high severity rating in Chromium’s internal assessment. While an EPSS score is unavailable, the missing KEV listing suggests no publicly known exploit is active yet; however, the remote nature of the attack vector—requiring only a malicious web page—makes the vulnerability technically exploitable by any visitor to a compromised site. The potential consequence is remote code execution or denial of service on affected machines.

Generated by OpenCVE AI on June 11, 2026 at 23:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome on macOS to version 149.0.7827.115 or newer.
  • Ensure Chrome’s auto‑update feature remains enabled so that future patches are applied automatically.
  • If an immediate update cannot be applied, disable the Autofill feature via Chrome policies to reduce exposure until the vulnerability is fixed.

Generated by OpenCVE AI on June 11, 2026 at 23:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 11 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Title Use-After-Free in Chrome Autofill Allows Heap Corruption on macOS

Thu, 11 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-11T20:48:09.667Z

Reserved: 2026-06-11T18:16:05.760Z

Link: CVE-2026-12020

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-11T22:16:54.590

Modified: 2026-06-11T22:16:54.590

Link: CVE-2026-12020

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T23:30:05Z

Weaknesses