cve-2026-7994

About this tag
CVE-2026-7994 is a Chromoting vulnerability in Google Chrome on Windows prior to version 148.0.7778.96. It allows a local attacker to escalate privileges to the OS level by convincing a user to interact with a malicious file. Published on May 6, 2026, alongside Chrome 148's security update, this bug is tracked by Microsoft because Windows is the affected operating system. The vulnerability highlights how remote-access features can become part of the local privilege boundary on Windows systems. Discussions on WindowsForum cover the technical details, affected versions, and mitigation steps for this CVE.
  1. CVE-2026-7994: Chrome Chromoting Bug Lets Local Attackers Escalate on Windows

    Google Chrome on Windows prior to version 148.0.7778.96 is affected by CVE-2026-7994, a newly published Chromoting vulnerability that can let a local attacker escalate to OS-level privileges by convincing a user to interact with a malicious file. The bug landed in the public vulnerability...