Description
Use after free in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Published: 2026-05-06
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Google Chrome’s Chromoting implementation contains a use‑after‑free bug that can be triggered by a crafted malicious file. When a local user opens the file, the freed memory can be reused to execute arbitrary code with the privileges of the current user. This flaw leads to a local privilege escalation, allowing an attacker to gain system level rights. The weakness aligns with CWE‑416, a memory management flaw.

Affected Systems

Chromium users running Google Chrome on Windows with a version older than 148.0.7778.96 are vulnerable. The issue affects the stable channel and any custom builds that include the same Chromoting implementation.

Risk and Exploitability

The vulnerability is local; an attacker must have access to the target machine’s file system to deliver the malicious payload. EPSS data is unavailable, and the flaw is not listed in CISA’s KEV catalog. However, a CVSS score of 7.8 indicates high severity, suggesting that, if an attacker can supply a malicious file, they can raise their privileges quickly.

Generated by OpenCVE AI on May 7, 2026 at 00:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Google Chrome version 148.0.7778.96 or later to eliminate the use‑after‑free bug.
  • If an update is not immediately possible, disable the Chromoting feature or delete any known malicious files before opening them.
  • Enable Windows UAC and enforce the principle of least privilege for users that must access untrusted files.

Generated by OpenCVE AI on May 7, 2026 at 00:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 00:45:00 +0000

Type Values Removed Values Added
Title Chromoting Use-After-Free in Chrome Enables Local Privilege Escalation

Wed, 06 May 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Wed, 06 May 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 06 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 06 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description Use after free in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-07T03:56:26.606Z

Reserved: 2026-05-05T22:59:10.899Z

Link: CVE-2026-7925

cve-icon Vulnrichment

Updated: 2026-05-06T20:02:43.014Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T19:16:40.833

Modified: 2026-05-06T23:37:49.513

Link: CVE-2026-7925

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T00:30:12Z

Weaknesses