Google · Chrome On Android · CVE-2026-7941
**Name of the Vulnerable Software and Affected Versions**
Google Chrome on Android versions prior to 148.0.7778.96
**Description**
Insufficient validation of untrusted input in the mobile version allows a local attacker to inject arbitrary scripts or HTML, leading to Universal Cross-Site Scripting (UXSS), which is a vulnerability that allows an attacker to execute scripts across different origins. This is achieved via a crafted Chrome Extension.
**Recommendations**
Update Google Chrome on Android to version 148.0.7778.96 or later.