CVE-2026-7964 - Vulnerability Details

Description

Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-05-06

Score: 4.2 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Chrome’s FileSystem implementation validates untrusted input insufficiently, allowing a crafted HTML page to exploit a renderer process that the attacker has already compromised. The flaw enables the attacker to read or write arbitrary files on the user’s system, potentially leading to data theft, tampering, or privilege escalation. This represents a significant breach of local data confidentiality and integrity for affected installations.

Affected Systems

Google Chrome versions prior to 148.0.7778.96 are affected. Users running these releases on any platform are at risk until the vulnerability is remediated.

Risk and Exploitability

The vulnerability is marked as Medium severity by Chromium’s own assessment. The CVSS score is 4.2, and exact EPSS data is not available, suggesting no evidence of widespread exploitation yet, and the feature is not listed in the CISA KEV catalog. Nonetheless, because the flaw permits arbitrary file read/write once the renderer is compromised, it remains a critical risk for environments where malware could gain renderer access or where malicious extensions could leverage the vulnerability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Google

Chrome

affected

Version	Status	Constraints
`148.0.7778.96`	affected	< 148.0.7778.96

Configuration 1 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

Vendor Product Confidence Versions

Google

Chrome

100%

Version	Status	Scheme	Platform
`[0,148.0.7778.96)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Chrome to version 148.0.7778.96 or later to receive the fixed input validation for the FileSystem API.
Revise or remove browser extensions that request file system access, ensuring extensions only request the minimum permissions needed, mitigating potential attacker misuse of the API.
Reduce renderer process privileges by enabling site isolation or disabling the FileSystem API if possible, thereby limiting the impact of any remaining validation gaps associated with CWE‑20.

Generated by OpenCVE AI on May 7, 2026 at 00:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6250-1	chromium security update

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/497254383

History

Thu, 07 May 2026 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos Linux Linux linux Kernel Microsoft Microsoft windows
CPEs		cpe:2.3:a:google:chrome:::::::: cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Apple Apple macos Linux Linux linux Kernel Microsoft Microsoft windows

Thu, 07 May 2026 01:00:00 +0000

Type	Values Removed	Values Added
Title	Arbitrary File Read/Write via Insufficient Validation in Chrome FileSystem API

Wed, 06 May 2026 23:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 06 May 2026 22:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N'}`

Wed, 06 May 2026 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google chrome
Vendors & Products		Google Google chrome

Wed, 06 May 2026 21:15:00 +0000

Type	Values Removed	Values Added
Title		Arbitrary File Read/Write via Insufficient Validation in Chrome FileSystem API

Wed, 06 May 2026 18:30:00 +0000

Type	Values Removed	Values Added
Description		Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses		CWE-20
References		https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/497254383

Subscriptions

Apple Macos

Google Chrome

Linux Linux Kernel

Microsoft Windows

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2026-05-06T18:12:54.526Z

Updated: 2026-05-06T21:54:23.637Z

Reserved: 2026-05-05T22:59:22.004Z

Link: CVE-2026-7964

Vulnrichment

Updated: 2026-05-06T19:27:03.549Z

NVD

Status : Analyzed

Published: 2026-05-06T19:16:46.873

Modified: 2026-05-07T02:02:37.210

Link: CVE-2026-7964

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T00:45:16Z

Weaknesses

CWE-20

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object