HIGHCVE-2026-7905Published Modified CNA Chrome
CVE-2026-7905: Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148
Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Metrics
- CVSS v3.1
- 8.3
- Severity
- HIGH
- Fixed in
- 148.0.7778.96
- Affected Products
- 1
Fix available
148.0.7778.96
Affected packages
- Google / Chrome< 148.0.7778.96 (from 148.0.7778.96)
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H