cve-2026-7990

About this tag
CVE-2026-7990 is a Windows-only local privilege escalation vulnerability in the Google Chrome Updater, disclosed on May 6, 2026. The flaw was fixed in Chrome version 148.0.7778.96. Discussions on WindowsForum highlight that the Chrome Updater, often overlooked as mere plumbing, has become a critical attack surface that Windows administrators must inventory, patch, and explain. The vulnerability underscores the importance of keeping Chrome updated on Windows systems to mitigate LPE risks.
  1. CVE-2026-7990 Chrome Updater LPE on Windows: Patch Chrome 148.0.7778.96+

    Google published CVE-2026-7990 on May 6, 2026 for a Windows-only Chrome Updater flaw fixed in Chrome 148.0.7778.96, and NVD’s initial configuration models it as Google Chrome before that version running on Microsoft Windows. That is probably not a missing CPE so much as an awkward but defensible...