Chrome 148.0.7778.168 Chromoting Local ACL Bypass via Malicious File
CVE-2026-8586 Published on May 14, 2026
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: Medium)
Vulnerability Analysis
Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2026-8586 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2026-8586
Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.
Affected Versions
Google Chrome:- Version 148.0.7778.168 and below 148.0.7778.168 is affected.