CVE-2026-0903
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-29
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 144.0.7559.59 (exc) | |
| linux | linux_kernel | * |
| microsoft | windows | * |
| chrome | to 144.0.7559.60 (exc) | |
| apple | macos | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to an inappropriate implementation in the Downloads feature of Google Chrome on Windows versions prior to 144.0.7559.59. It allows a remote attacker to bypass protections that are meant to block dangerous file types by using a malicious file.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing a remote attacker to bypass file type protections in Google Chrome downloads, potentially leading to the download and execution of harmful files on your system.
What immediate steps should I take to mitigate this vulnerability?
Update Google Chrome on Windows to version 144.0.7559.59 or later to ensure the vulnerability is patched and dangerous file type protections are properly enforced.