cve 2026 7963

CVE-2026-7963 is a medium-severity vulnerability in Chromium's ServiceWorker component that allows sandbox escape. It was fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS after disclosure on May 6, 2026. Microsoft tracks the same issue for Chromium-based Edge through MSRC. The flaw highlights that browser sandbox security relies on multiple layers, and ServiceWorker remains a challenging area. For Windows administrators, the appropriate response is disciplined browser patching, maintaining an explicit software inventory, and not dismissing medium-severity issues as unimportant. Keeping Chrome and Edge updated is the primary mitigation.