CVE-2026-7932 - Vulnerability Details

- Navigation Bypass via Crafted HTML in Chrome Downloads

Description

Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-05-06

Score: 4.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Google Chrome versions prior to 148.0.7778.96 have insufficient policy enforcement in the Downloads component, allowing a local attacker to craft an HTML page that forces the browser to navigate to URLs that would normally be blocked by navigation restrictions. This access‑control flaw lets a malicious local user redirect Chrome to arbitrary destinations or initiate downloads that are otherwise disallowed, potentially facilitating delivery of malicious code or exfiltration of data.

Affected Systems

The vulnerability impacts any installation of Google Chrome running a version earlier than 148.0.7778.96. All operating systems that receive the Chrome stable channel are affected until the fix is applied.

Risk and Exploitability

The CVSS score of 4.4 reflects a medium severity, the EPSS value is unavailable, and the vulnerability is not listed in CISA’s KEV catalog. The attack requires local user privileges and a crafted HTML file, making the vector local rather than remote. Because the exploitation data is limited, real‑world risk is uncertain, but the possibility of bypassing navigation controls poses a significant threat to local users with privileged access.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Google

Chrome

affected

Version	Status	Constraints
`148.0.7778.96`	affected	< 148.0.7778.96

Configuration 1 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

Vendor Product Confidence Versions

Google

Chrome

95%

Version	Status	Scheme	Platform
`[0,148.0.7778.96)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Google Chrome to version 148.0.7778.96 or later
If an update is not immediately available, enforce stricter download policies via the Chrome administration console or local group policy to prevent unrestricted navigation triggered by downloads
Monitor for attempts to load suspicious local HTML files and consider disabling automatic download handling for untrusted content in enterprise environments

Generated by OpenCVE AI on May 7, 2026 at 03:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6250-1	chromium security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00004.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/481634116

History

Thu, 07 May 2026 03:45:00 +0000

Type	Values Removed	Values Added
Title		Navigation Bypass via Crafted HTML in Chrome Downloads

Thu, 07 May 2026 01:45:00 +0000

Type	Values Removed	Values Added
Title	Local Attacker Bypasses Navigation Restrictions via Crafted HTML Page in Chrome Downloads
Weaknesses	CWE-284

Wed, 06 May 2026 23:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos Google Google chrome Linux Linux linux Kernel Microsoft Microsoft windows
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:google:chrome:::::::: cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Apple Apple macos Google Google chrome Linux Linux linux Kernel Microsoft Microsoft windows

Wed, 06 May 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 06 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
Title		Local Attacker Bypasses Navigation Restrictions via Crafted HTML Page in Chrome Downloads
Weaknesses		CWE-284

Wed, 06 May 2026 18:30:00 +0000

Type	Values Removed	Values Added
Description		Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
References		https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/481634116

Subscriptions

Apple Macos

Google Chrome

Linux Linux Kernel

Microsoft Windows

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2026-05-06T18:12:38.313Z

Updated: 2026-05-06T21:59:30.140Z

Reserved: 2026-05-05T22:59:13.124Z

Link: CVE-2026-7932

Vulnrichment

Updated: 2026-05-06T20:50:06.461Z

NVD

Status : Analyzed

Published: 2026-05-06T19:16:41.540

Modified: 2026-05-06T23:36:31.857

Link: CVE-2026-7932

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T03:30:20Z

Weaknesses

NVD-CWE-noinfo

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object