PT-2026-38134 · Google · Chrome On Android

Adithya Kotian

Published

2026-03-19

Updated

2026-05-14

CVE-2026-7941

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.96

Description Insufficient validation of untrusted input in the mobile version allows a local attacker to inject arbitrary scripts or HTML, leading to Universal Cross-Site Scripting (UXSS), which is a vulnerability that allows an attacker to execute scripts across different origins. This is achieved via a crafted Chrome Extension.

Recommendations Update Google Chrome on Android to version 148.0.7778.96 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2026-07411

CVE-2026-7941

ECHO-2542-2038-6A46

OPENSUSE-SU-2026:10778-1

Affected Products

Chrome On Android

PT-2026-38134 · Google · Chrome On Android

CVE-2026-7941

Weakness Enumeration

Related Identifiers

Affected Products

References · 139