Description
Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)
Published: 2026-06-04
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an inappropriate UI implementation in Google Chrome on Windows versions prior to 149.0.7827.53. It allows a local attacker who can supply a malicious file to gain higher privileges while using the browser, effectively enabling unauthorized access to system resources. The weakness is a classic input validation flaw (CWE‑20). This can lead to unauthorized data modification or exposure, compromising confidentiality and integrity of the local machine.

Affected Systems

The affected product is Google Chrome on Windows. Any installation with a version earlier than 149.0.7827.53 is susceptible to the privilege‑escalation flaw.

Risk and Exploitability

The CVE has a CVSS score of 7.8 (High). No EPSS score is available, so there is no published estimate of exploitation probability at this time, and the flaw is not listed in the CISA KEV catalog. The likely attack vector is local; an adversary who can drop a crafted file on the victim’s machine and trigger it via the UI can elevate privileges. Because the flaw requires local access, the attack surface is limited, but the high severity and the privilege escalation warrant prompt mitigation.

Generated by OpenCVE AI on June 5, 2026 at 04:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 149.0.7827.53 or later
  • Uninstall and reinstall Chrome after applying the update to ensure no compromised files remain
  • Enable real‑time protection in Windows Defender or a similar anti‑virus solution to block execution of unknown files

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 03:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Fri, 05 Jun 2026 02:15:00 +0000

Type | Values Removed | Values Added
Title | | Local Privilege Escalation via Malicious File in Google Chrome on Windows

Fri, 05 Jun 2026 01:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
 | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)
Weaknesses | | CWE-20

References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T01:05:05.895Z

Reserved: 2026-06-04T17:06:11.720Z

Link: CVE-2026-10942

Vulnrichment

Updated: 2026-06-05T01:04:58.743Z

NVD

Status: Received

Published: 2026-06-04T23:16:56.780

Modified: 2026-06-05T02:16:58.717

Link: CVE-2026-10942

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T04:45:32Z

Weaknesses