CVE-2026-0903 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation7 documents7 sources

Severity

5.4MEDIUMNVD

EPSS

0.0%

top 88.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium

Timeline

PublishedJan 20

Description

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

▶CVEListV5google/chrome144.0.7559.59 — 144.0.7559.59

▶NVDgoogle/chrome< 144.0.7559.59+1

▶Debianchromium/chromium< 144.0.7559.59-1~deb12u1+2

🔴Vulnerability Details

GHSA

GHSA-743w-qrv8-633j: Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144↗2026-01-20

▶

OSV

CVE-2026-0903: Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144↗2026-01-20

▶

CVEList

CVE-2026-0903: Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144↗2026-01-20

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2026-0903 Insufficient validation of untrusted input in Downloads↗2026-01-13

▶

Debian

CVE-2026-0903: chromium - Inappropriate implementation in Downloads in Google Chrome on Windows prior to 1...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-0903 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶