CVE-2026-0903
📋 TL;DR
This vulnerability allows remote attackers to bypass Chrome's dangerous file type protections on Windows systems. Attackers can trick users into downloading malicious files that would normally be blocked or flagged as dangerous. Only Google Chrome users on Windows with versions prior to 144.0.7559.59 are affected.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Users could download and execute malware, ransomware, or other malicious executables that would normally be blocked by Chrome's security features, leading to full system compromise.
Likely Case
Users download disguised malicious files (like .exe files renamed to appear as documents) that execute malware, potentially leading to credential theft, data exfiltration, or system infection.
If Mitigated
With proper endpoint protection and user awareness, malicious files are detected and blocked by antivirus software before execution, limiting impact to isolated incidents.
🎯 Exploit Status
Exploitation requires user interaction (downloading a file) but no authentication. Attack complexity is low as it bypasses built-in protections rather than exploiting complex memory corruption.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 144.0.7559.59 and later
Vendor Advisory: https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click the three-dot menu → Help → About Google Chrome.
3. Chrome will automatically check for and install updates.
4. Click 'Relaunch' to restart Chrome with the updated version.
🔧 Temporary Workarounds
Disable automatic downloads
(Windows) Configure Chrome to ask where to save each file before downloading, giving users a chance to inspect file types.
chrome://settings/downloads → Toggle 'Ask where to save each file before downloading' to ON
Use Chrome Enterprise policies
(Windows) Deploy group policies to restrict downloads from untrusted sources or enforce additional security checks.
Configure via Chrome Enterprise policies: DownloadRestrictions, SafeBrowsingEnabled
🧯 If You Can't Patch
- Deploy endpoint detection and response (EDR) solutions to monitor for execution of suspicious downloaded files.
- Implement web filtering/proxy solutions to block downloads of executable file types from untrusted websites.
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: If version is below 144.0.7559.59 on Windows, the system is vulnerable.
Check Version:
chrome://version/
Verify Fix Applied:
Confirm Chrome version is 144.0.7559.59 or higher after update.
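The two checks above (is the installed Chrome below the fixed build, and is the DownloadRestrictions enterprise policy set) can be scripted for fleet audits. The script below is an added example, not part of this advisory or Google's tooling. It assumes the installed version can be read from Chrome's `HKCU\Software\Google\Chrome\BLBeacon` registry key and the policy from `HKLM\SOFTWARE\Policies\Google\Chrome`; the policy value meanings are taken from the Chrome enterprise policy documentation. On a non-Windows host (or when the registry lookup fails) pass the version on the command line.

```python
"""
Added example (not part of the advisory): decide whether an installed Chrome
is below the fixed version for CVE-2026-0903 and audit the DownloadRestrictions
policy the advisory recommends.

Assumptions (mine, not from the advisory): the installed version lives in
HKCU\Software\Google\Chrome\BLBeacon (value "version") and the policy in
HKLM\SOFTWARE\Policies\Google\Chrome (DWORD "DownloadRestrictions").
"""
import platform
import sys
from typing import Optional, Tuple

FIXED_VERSION = "144.0.7559.59"   # from the vendor advisory

# Meaning of the DownloadRestrictions values (Chrome enterprise policy docs).
DOWNLOAD_RESTRICTIONS = {
    0: "no special restrictions",
    1: "block dangerous downloads",
    2: "block potentially dangerous downloads",
    3: "block all downloads",
    4: "block malicious downloads",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '144.0.7559.59' into (144, 0, 7559, 59) so tuples compare numerically.
    Plain string comparison would wrongly rank '99.0.0.0' above '144.0.0.0'."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, os_name: str) -> bool:
    """CVE-2026-0903 affects Chrome on Windows only, before the fixed build."""
    if os_name.lower() != "windows":
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


def assess_policy(value: Optional[int]) -> str:
    """Describe the DownloadRestrictions value; None means the policy is unset."""
    if value is None:
        return "DownloadRestrictions not set: Chrome's default download handling applies"
    if value not in DOWNLOAD_RESTRICTIONS:
        return f"DownloadRestrictions={value}: unknown value"
    return f"DownloadRestrictions={value}: {DOWNLOAD_RESTRICTIONS[value]}"


def read_windows_state() -> Tuple[Optional[str], Optional[int]]:
    """Read version and policy from the registry (Windows only; assumed paths)."""
    if platform.system() != "Windows":
        return None, None
    import winreg  # only importable on Windows
    version = policy = None
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Google\Chrome\BLBeacon") as key:
            version = winreg.QueryValueEx(key, "version")[0]
    except OSError:
        pass
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Policies\Google\Chrome") as key:
            policy = int(winreg.QueryValueEx(key, "DownloadRestrictions")[0])
    except OSError:
        pass
    return version, policy


def main(argv) -> int:
    version, policy = read_windows_state()
    if len(argv) > 1:
        version = argv[1]   # explicit version, e.g. copied from chrome://version/
    if version is None:
        print("could not determine Chrome version; pass it as an argument")
        return 2
    vulnerable = is_vulnerable(version, "Windows")
    print(f"Chrome {version}: {'VULNERABLE' if vulnerable else 'patched'} (fixed in {FIXED_VERSION})")
    print(assess_policy(policy))
    return 1 if vulnerable else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python check_chrome.py 144.0.7559.58` to test the comparison on any platform; on a Windows host with no argument it reads the registry itself. The exit code (1 = vulnerable, 0 = patched, 2 = unknown) makes it usable from a configuration-management job.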
📡 Detection & Monitoring
Log Indicators:
- Chrome logs showing downloads of executable files from untrusted sources
- Windows Event Logs showing execution of recently downloaded files
Network Indicators:
- HTTP traffic to domains serving executable files with unusual extensions or MIME types
SIEM Query:
source="chrome" AND event="download" AND file_extension IN ("exe", "bat", "ps1", "scr")
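The SIEM query above matches on the final extension only, so a file named `invoice.pdf.exe` (the disguised download the Likely Case describes) is caught, but an executable served under a document name with an executable MIME type is not. The following is an added example, not part of the advisory: it applies the query's logic to a few constructed Chrome download events and adds a double-extension check and an extension/MIME-type mismatch check. The JSON event shape and field names are assumed; real SIEM schemas differ.

```python
"""
Added example (not part of the advisory): run the advisory's SIEM query logic
over constructed Chrome download events and add two checks the query alone
misses (decoy double extensions, executable MIME type behind a document name).
Event format and field names are assumptions, not a real Chrome log schema.
"""
import json
from typing import Dict, List

# Extensions from the advisory's query plus further Windows executable types (assumed additions).
DANGEROUS_EXTENSIONS = {"exe", "bat", "ps1", "scr", "cmd", "msi", "hta", "js", "vbs", "lnk"}

# Document-looking extensions that precede the real one in names like invoice.pdf.exe.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

# Content types that indicate a Windows executable regardless of the file name.
EXECUTABLE_MIME = {"application/x-msdownload", "application/x-dosexec", "application/x-msdos-program"}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"source": "chrome", "event": "download", "user": "alice", "url": "https://files.example.net/setup.exe",
     "file_name": "setup.exe", "mime_type": "application/x-msdownload"},
    {"source": "chrome", "event": "download", "user": "bob", "url": "https://cdn.example.org/report.pdf",
     "file_name": "report.pdf", "mime_type": "application/pdf"},
    {"source": "chrome", "event": "download", "user": "carol", "url": "https://promo.example.test/invoice.pdf.exe",
     "file_name": "invoice.pdf.exe", "mime_type": "application/x-msdownload"},
    {"source": "chrome", "event": "download", "user": "dave", "url": "https://share.example.test/statement.pdf",
     "file_name": "statement.pdf", "mime_type": "application/x-dosexec"},
    {"source": "chrome", "event": "navigate", "user": "erin", "url": "https://intranet.example.com/tools.exe",
     "file_name": "", "mime_type": ""},
    {"source": "chrome", "event": "download", "user": "frank", "url": "https://intranet.example.com/update.ps1",
     "file_name": "update.ps1", "mime_type": "text/plain"},
]
SAMPLE_LOG_LINES = [json.dumps(e) for e in SAMPLE_EVENTS] + ["not json at all"]


def extensions(file_name: str) -> List[str]:
    """All dotted suffixes, lower-cased: 'invoice.pdf.exe' -> ['pdf', 'exe']."""
    parts = file_name.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def analyse(event: Dict[str, str]) -> List[str]:
    """Return the reasons a download event is suspicious (empty list means clean)."""
    # The advisory's query scopes to Chrome download events; everything else is ignored.
    if event.get("source") != "chrome" or event.get("event") != "download":
        return []
    exts = extensions(event.get("file_name", ""))
    reasons = []
    # Rule 1: the advisory's query, final extension in the dangerous set.
    if exts and exts[-1] in DANGEROUS_EXTENSIONS:
        reasons.append(f"dangerous extension .{exts[-1]}")
    # Rule 2: a document extension immediately before the executable one.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS and exts[-1] in DANGEROUS_EXTENSIONS:
        reasons.append("double extension disguises an executable as a document")
    # Rule 3: executable content type but a name that does not say so.
    mime = event.get("mime_type", "").lower()
    if mime in EXECUTABLE_MIME and (not exts or exts[-1] not in DANGEROUS_EXTENSIONS):
        reasons.append(f"executable content type {mime} behind non-executable name")
    return reasons


def run_detection(lines: List[str]) -> List[Dict[str, object]]:
    """Parse JSON lines and return one alert per event that matches at least one rule."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue   # malformed line: skip it rather than stop the pipeline
        reasons = analyse(event)
        if reasons:
            alerts.append({"user": event.get("user"), "url": event.get("url"), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in run_detection(SAMPLE_LOG_LINES):
        print(f"{alert['user']}: {alert['url']}")
        for reason in alert["reasons"]:
            print(f"    - {reason}")
```

On the sample data this raises four alerts (alice, carol, dave, frank): carol's event fires on both the extension rule and the double-extension rule, dave's `statement.pdf` is caught only by the MIME-type rule, and erin's navigation event is ignored because it is not a download. Tune the extension sets and the MIME list to what your proxy or EDR actually records.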