CVE-2026-2323
📋 TL;DR
This vulnerability in Google Chrome's Downloads feature allows attackers to create deceptive download interfaces through malicious HTML pages. Users who visit crafted websites with vulnerable Chrome versions could be tricked into downloading malicious files. The impact is limited to UI spoofing rather than code execution.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Users could be tricked into downloading and executing malicious files by spoofing legitimate download prompts, potentially leading to malware installation or credential theft.
Likely Case
Attackers create convincing fake download interfaces that trick users into downloading unwanted software or files, potentially leading to adware or phishing.
If Mitigated
With proper user awareness and security controls, users would recognize suspicious download prompts and avoid interacting with them.
🎯 Exploit Status
Exploitation requires user interaction (visiting a malicious page and clicking the spoofed download prompt). No authentication is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 145.0.7632.45 and later
Vendor Advisory: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html
Restart Required: Yes
Instructions:
1. Open Chrome
2. Click the three-dot menu → Help → About Google Chrome
3. Chrome will automatically check for and install updates
4. Click 'Relaunch' to restart Chrome
🔧 Temporary Workarounds
Disable automatic downloads
Configure Chrome to ask where to save each file before downloading
chrome://settings/downloads → Toggle 'Ask where to save each file before downloading'
Use download warnings
Enable enhanced download protection features
chrome://settings/security → Enable 'Enhanced protection' or 'Standard protection'
🧯 If You Can't Patch
- Educate users to verify download sources and avoid suspicious websites
- Implement web filtering to block known malicious domains
🔍 How to Verify
Check if Vulnerable:
Open chrome://version and compare the version shown against the patched build 145.0.7632.45; any build below it is affected.
Check Version:
chrome://version
Verify Fix Applied:
Verify Chrome version is 145.0.7632.45 or higher
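The version check above is easy to get wrong at fleet scale: Chrome versions are four dotted integers, and a plain string comparison ranks 145.0.7632.5 above 145.0.7632.45. The following script is an added example, not part of this advisory or of Chrome; it compares installed versions against the patched build 145.0.7632.45 numerically and classifies hosts. The hostnames and version strings it feeds in are constructed sample data, and the "Google Chrome X.Y.Z.W" input format is the one printed by google-chrome --version on Linux.

```python
# Added example (not part of the advisory): compare installed Chrome builds
# against the patched build named in the advisory, 145.0.7632.45.
# Versions are dotted integers; a string comparison is wrong
# ("145.0.7632.5" > "145.0.7632.45" lexicographically), so compare tuples.
import re
from typing import Dict, Tuple

PATCHED_VERSION = "145.0.7632.45"  # from the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '145.0.7632.45' into (145, 0, 7632, 45); raise on malformed input."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, patched: str = PATCHED_VERSION) -> bool:
    """True when the installed build is the patched build or newer."""
    return parse_version(installed) >= parse_version(patched)


def version_from_cli_output(output: str) -> str:
    """Extract the version from text such as 'Google Chrome 145.0.7632.45'
    (the format printed by `google-chrome --version` on Linux)."""
    match = re.search(r"\b(\d+\.\d+\.\d+\.\d+)\b", output)
    if not match:
        raise ValueError(f"no version found in {output!r}")
    return match.group(1)


def assess_fleet(report: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> 'patched' / 'vulnerable' / 'unknown' for a report of
    {hostname: cli_output}. Hosts whose output cannot be parsed are flagged
    'unknown' rather than silently treated as patched."""
    result: Dict[str, str] = {}
    for host, output in report.items():
        try:
            version = version_from_cli_output(output)
            result[host] = "patched" if is_patched(version) else "vulnerable"
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample data; hostnames and the 144.x build are made up.
    sample = {
        "ws-01": "Google Chrome 145.0.7632.45",
        "ws-02": "Google Chrome 144.0.7559.110",
        "ws-03": "Google Chrome 145.0.7632.5",
        "ws-04": "google-chrome: command not found",
    }
    for host, status in assess_fleet(sample).items():
        print(f"{host}: {status}")
```

Treating unparseable output as "unknown" instead of "patched" keeps a broken inventory collector from hiding vulnerable hosts; those entries should be re-queried, not dropped.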
📡 Detection & Monitoring
Log Indicators:
- Unusual download patterns from suspicious domains
- Multiple failed download attempts
Network Indicators:
- HTTP requests to domains hosting crafted HTML pages with download prompts
SIEM Query:
source="chrome" AND event="download" AND url CONTAINS suspicious_domain