CVE-2026-0904
📋 TL;DR
This vulnerability in Google Chrome allows attackers to spoof website domains through manipulated digital credential security interfaces. Users who visit malicious HTML pages with Chrome versions before 144.0.7559.59 are affected, potentially leading to phishing attacks.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →⚠️ Risk & Real-World Impact
Worst Case
Users could be tricked into entering sensitive credentials on spoofed websites that appear legitimate, leading to account compromise and data theft.
Likely Case
Phishing attacks where users believe they're on legitimate sites but are actually on attacker-controlled domains, potentially leading to credential harvesting.
If Mitigated
With proper user awareness training and multi-factor authentication, the impact is reduced as users are less likely to fall for spoofed sites.
🎯 Exploit Status
Exploitation requires user interaction (visiting a crafted HTML page) but no authentication or special privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 144.0.7559.59 and later
Vendor Advisory: https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html
Restart Required: Yes
Instructions:
1. Open Chrome 2. Click menu (three dots) → Help → About Google Chrome 3. Chrome will automatically check for and install updates 4. Click 'Relaunch' when prompted
🔧 Temporary Workarounds
Disable automatic credential saving
allPrevents Chrome from saving or auto-filling credentials, reducing impact of credential harvesting
chrome://settings/passwords → Turn off 'Offer to save passwords' and 'Auto Sign-in'
Use browser extensions for domain verification
allInstall extensions that provide additional visual indicators for verified domains
🧯 If You Can't Patch
- Implement network filtering to block known malicious domains and suspicious HTML pages
- Deploy endpoint protection that detects and blocks phishing attempts and credential harvesting
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: If version is less than 144.0.7559.59, system is vulnerableCheck Version:
chrome://version/ (look for 'Google Chrome' version number)Verify Fix Applied:
Confirm Chrome version is 144.0.7559.59 or higher after update📡 Detection & Monitoring
Log Indicators:
- Unusual credential submission patterns
- Multiple failed login attempts from same user
Network Indicators:
- Traffic to domains with similar names to legitimate sites
- Suspicious redirect chains
SIEM Query:
source="chrome_logs" AND (event="credential_submission" AND url CONTAINS "suspicious_domain")