CVE-2026-12442

hype MOSTLY HYPE · 28 hack

No KEV, NVD data, or credible PoC; social posts lack authoritative grounding.

What: Use-after-free in Chrome for Android; remote code execution via crafted HTML. Affects Chrome browser on Android devices.

Why it matters: Posts claim critical severity and RCE potential, but CVE lacks NVD enrichment, CVSS score, and KEV listing. No vendor advisory, PoC link, or confirmation of active exploitation supplied. Social chatter references unverified threat intel source; metadata lag suggests early disclosure or rumor.

Where it's seen: Two posts on Bluesky citing "critical" severity and Android exploitation vector; second post links to third-party threat tracking site (unverified authority). No Google advisory, patch notes, or defender triage signals observed.

RISK: MODERATE — Unconfirmed RCE claim in widely-used browser pending official vendor advisory.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 6/17/2026, 5:39:32 AM

No NVD details ingested for this CVE yet.