CVSS 7.8 · HIGH

CVE-2026-7990

Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)


Analysis

The updater component of Google Chrome on Windows does not sufficiently validate untrusted input, which allows a local attacker to escalate to OS-level privileges via a malicious file. If you use Chrome on Windows, ensure you have updated to version 148.0.7778.96 or later to prevent an attacker with machine access from taking full control of the system.

Severity

Score: 7.8 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: NONE
UI: REQUIRED
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-20

EPSS

No EPSS score yet (CVE may be too fresh).

Affects

google:chrome
microsoft:windows

Technical description

Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

Published: 5/6/2026, 7:16:49 PM
Last modified: 5/6/2026, 11:20:16 PM
