Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Insufficient validation of untrusted input in Cookies in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
Privilege escalation in Google Chrome versions prior to 148.0.7778.96 enables remote attackers to elevate privileges through malicious HTML pages exploiting improper cookie validation. The vulnerability requires user interaction (clicking a link or visiting a malicious site) but no authentication, making it viable for phishing or watering-hole attacks. CVSS score of 8.8 indicates high severity across confidentiality, integrity, and availability. Vendor-released patch available in Chrome 148.0.7778.96 per Google's stable channel update. EPSS and KEV data not provided; exploitation status unknown at time of analysis.
Technical ContextAI
This vulnerability stems from CWE-20 (Improper Input Validation) in Chrome's cookie handling mechanism. The browser fails to properly sanitize or validate untrusted input when processing cookies, allowing specially crafted values within HTML pages to trigger privilege escalation. Modern browsers implement complex cookie policies including SameSite attributes, secure flags, and domain restrictions; insufficient validation in any of these parsing routines can enable attackers to bypass security boundaries. The CPE identifier cpe:2.3:a:google:chrome indicates the Chromium browser engine is affected. The Chromium bug tracker reference (issues/434825208) suggests this was discovered through Google's Vulnerability Reward Program or internal security review, given the Medium security severity rating assigned by the Chromium team.
RemediationAI
Upgrade immediately to Google Chrome version 148.0.7778.96 or later, as confirmed by the stable channel update advisory at http://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html. Chrome's built-in auto-update mechanism (enabled by default) delivers this patch automatically; verify installation by navigating to chrome://settings/help. For enterprise environments using managed deployments, push version 148.0.7778.96 through group policy or mobile device management. If immediate patching is not feasible, implement compensating controls: disable automatic cookie acceptance and configure Chrome to prompt for cookies on all sites via chrome://settings/cookies (note: this severely impacts usability and breaks many web applications). Block access to untrusted sites through DNS filtering or web proxies. Deploy browser isolation solutions to contain potential compromise. These workarounds provide minimal protection and should not replace patching.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, a
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, do
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13
Same weakness CWE-20 – Improper Input Validation
View allSame technique Privilege Escalation
View allVendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27963