CVE-2026-7939: Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a…

medium5.4CVSS 3.1

AVNACLPRNUIRSUCLILAN

Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

Affected

3 ranges

Vendor	Product	Version range	Fixed in
google	chrome	< 148.0.7778.96	148.0.7778.96
google	chrome	>= 148.0.7778.96 < 148.0.7778.96	148.0.7778.96
google	chrome_desktop	—	—