Description
Inappropriate implementation in Installer in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an inappropriate implementation in the Chrome installer for Windows. A malicious file present during installation can be used by a local attacker to gain operating‑system level privileges, effectively compromising the host machine. This allows the attacker to execute arbitrary code with elevated rights.

Affected Systems

The affected product is Google Chrome for Windows. Versions before 149.0.7827.53 are vulnerable. Users of any Windows workstation running these Chrome releases are at risk.

Risk and Exploitability

The vulnerability is classified as medium severity. No EPSS score is currently available and the issue is not listed in the CISA KEV catalog. Exploitation requires local access to a private file and the installation of Chrome, meaning it is not remote. Local attackers can execute the malicious file during installation to elevate privileges. Given the local nature of the attack surface, the exploitation windows are limited to environments where untrusted files can be introduced during installation.

Generated by OpenCVE AI on June 5, 2026 at 02:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.53 or later.
  • Verify that the installer is downloaded from the official Google Chrome website and check the checksum before installation.
  • Restrict installation privileges for untrusted users and enforce software restriction policies to block unauthorized executables during installation.

Generated by OpenCVE AI on June 5, 2026 at 02:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Malicious Installer in Google Chrome for Windows
Weaknesses CWE-238

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in Installer in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:57.675Z

Reserved: 2026-06-04T17:06:50.888Z

Link: CVE-2026-11103

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:15.860

Modified: 2026-06-04T23:17:15.860

Link: CVE-2026-11103

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T02:30:29Z

Weaknesses