Description
Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
Published: 2026-05-06
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a race condition in Chrome’s chromoting component on Windows that allows a local attacker who can create a malicious file to gain elevated privileges. The flaw is identified as CWE‑362 and the Chromium project rates its severity as Medium.

Affected Systems

Google Chrome running on Windows is affected. Versions prior to 148.0.7778.96 on Windows are potentially vulnerable, as indicated by the advisory. No additional version details are provided in the CVE entry.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not listed in CISA KEV. The CVSS score of 7.5 indicates a High severity. Because the race condition requires local execution of a crafted file, the attack vector is local. An attacker can place a malicious file that exploits the race, leading to privilege escalation and potentially compromising confidentiality, integrity, and availability of the affected system.

Generated by OpenCVE AI on May 7, 2026 at 01:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Google Chrome update which contains the chromoting race condition fix.
  • Apply least privilege and application whitelisting to prevent local users from running arbitrary files that could exploit the race condition.
  • Keep system anti‑malware and monitoring tools enabled to detect unauthorized file creations that may target the chromoting component.

Generated by OpenCVE AI on May 7, 2026 at 01:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6250-1 chromium security update
History

Thu, 07 May 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Thu, 07 May 2026 01:30:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Race Condition in Chrome’s Chromoting Feature

Wed, 06 May 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 06 May 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 06 May 2026 20:00:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Race Condition in Chrome’s Chromoting Feature

Wed, 06 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
Weaknesses CWE-362
References

Subscriptions

Google Chrome
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-07T03:56:22.106Z

Reserved: 2026-05-05T22:59:17.592Z

Link: CVE-2026-7948

cve-icon Vulnrichment

Updated: 2026-05-06T19:40:27.329Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T19:16:43.113

Modified: 2026-05-07T02:08:49.620

Link: CVE-2026-7948

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T01:15:17Z

Weaknesses