cve 2026 7965

CVE-2026-7965 is a Chromium DevTools input-validation flaw disclosed on May 6, 2026, and fixed in Google Chrome before version 148.0.7778.96. The vulnerability also affects Chromium-based Microsoft Edge through MSRC. Although rated as a medium-severity bug, it is significant because it resides in an area where attackers can exploit it in chains, and administrators need clear patch guidance. The discussion on WindowsForum highlights the importance of patching this CVE despite its lower severity label, emphasizing the browser supply chain implications and the need for accurate product metadata in vulnerability scanners.