Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
5DescriptionNVD
Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. (Chromium security severity: Low)
AnalysisAI
Privilege escalation in Google Chrome's Enterprise feature (versions prior to 149.0.7827.53) allows a local attacker with physical device access to elevate privileges and access confidential information. The CVSS vector (AV:P/C:H) confirms the attack requires hands-on physical access to the target device, limiting the realistic threat surface to scenarios such as unattended or shared managed endpoints. No public exploit exists and no active exploitation has been identified at time of analysis; EPSS at 0.01% (1st percentile) and SSVC exploitation status of 'none' align with the low overall risk posture.
Technical ContextAI
The vulnerability stems from CWE-269 (Improper Privilege Management) within Chrome's Enterprise management implementation. Chrome Enterprise allows IT administrators to enforce device-level and browser-level policies on managed endpoints, typically via Group Policy (Windows), MDM profiles (macOS/iOS/ChromeOS), or the Chrome Browser Cloud Management service. An 'inappropriate implementation' in this layer suggests that a locally-present attacker can abuse the Enterprise policy framework, a privileged code path, or a managed configuration mechanism to gain elevated access beyond what should be permitted. The CVSS physical attack vector (AV:P) confirms exploitation cannot occur remotely - direct physical interaction with the device is mandatory. Affected CPE/version range per EUVD: Chrome versions below 149.0.7827.53.
RemediationAI
Update Google Chrome to version 149.0.7827.53 or later, which contains the vendor-released patch for this issue. The stable channel update advisory is published at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html. For enterprise-managed deployments, administrators should push the update via their MDM, Group Policy, or Chrome Browser Cloud Management console and verify all managed endpoints have applied the update. As a compensating control where immediate patching is not possible, organizations should enforce physical access controls on managed devices (screen lock policies, full-disk encryption, and device-level authentication) to limit the physical attack surface. Disabling or restricting unnecessary Enterprise policy features through the admin console may reduce the exploitable attack surface, though specific policy controls depend on deployment configuration and carry the trade-off of reducing management capability.
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34690
GHSA-9wx5-rmpr-qj4p