cve 2026-7953

CVE-2026-7953 is a Chromium vulnerability in Chrome's Omnibox, disclosed on May 6, 2026, and fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS. Because Microsoft Edge is Chromium-based, it inherits the same upstream security exposure, requiring IT teams to patch both browsers. The NVD entry may not fully express the downstream browser ecosystem, creating a gap between database taxonomy and operational patching reality. This medium-severity bug is more interesting than its score suggests due to that gap. Discussions on WindowsForum cover the technical details, affected versions, and guidance for applying the Chrome 148 fix and corresponding Edge patches.