Description
Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is insufficient validation of untrusted input in Chromoting, part of Google Chrome on Windows. An attacker who can supply a malicious file to the Chromoting component can elevate privileges on the local machine by exploiting a flaw categorized as CWE-20. The problem allows a local user to execute operations with higher system rights without needing additional credentials.

Affected Systems

Google Chrome for Windows, versions earlier than 150.0.7871.47. Any installation of the affected Chrome release that includes the Chromoting feature is vulnerable.

Risk and Exploitability

The flaw carries a low security severity according to Chromium. It requires local access to drop a malicious file and a running instance of Chrome; no network exploitation is needed. Because the EPSS score is not available and the vulnerability is not listed in CISA KEV, the current evidence suggests a modest likelihood of exploitation in the wild, but an attacker with local control can readily achieve privilege escalation if the patch is not applied.

Generated by OpenCVE AI on July 1, 2026 at 07:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or newer, confirming that the update has been installed via Chrome's automatic update mechanism or the chrome://upgrade page.
  • If a timely update is not possible, disable the Chromoting feature using Chrome enterprise policy or by blocking the associated component from executing.
  • Monitor the system for suspicious files or Chromoting activity and keep anti‑malware tools current to detect and remove malicious payloads.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 07:30:00 +0000

Type Values Removed Values Added
Title Insufficient Input Validation in Chrome Chromoting Leading to Local Privilege Escalation

Wed, 01 Jul 2026 02:15:00 +0000

Type Values Removed Values Added
Title Insufficient Input Validation in Chrome Chromoting Leading to Local Privilege Escalation

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Low)
Weaknesses CWE-20
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:12.764Z

Reserved: 2026-06-29T23:11:34.066Z

Link: CVE-2026-14060

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T07:15:03Z

Weaknesses

  • CWE-20: Improper Input Validation