cbcvebase.
CVE-2026-7941
published 2026-05-06

CVE-2026-7941: Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or…

medium4.4CVSS 3.1
AVLACLPRNUIRSUCLILAN
Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)

Affected

3 ranges
VendorProductVersion rangeFixed in
googlechrome< 148.0.7778.96148.0.7778.96
googlechrome>= 148.0.7778.96 < 148.0.7778.96148.0.7778.96
googlechrome_desktop