High (8.8)

Chrome Linux RCE via Chromoting (CVE-2026-7898)

CVE-2026-7898

CVE-2026-7898: Use-after-free in Chromoting on Chrome Linux before 148.0.7778.96 allows remote RCE (CVSS 8.8). Update Chrome to the latest version.

Affected: Google Chrome Linux Kernel

Vendor-confirmed - CVE-2026-7898 is a high-severity use-after-free vulnerability in Chromoting on Google Chrome for Linux prior to version 148.0.7778.96 that lets a remote attacker execute arbitrary code via malicious network traffic. Patch now - update Chrome to 148.0.7778.96 or later.

Overview

CVE-2026-7898 is a use-after-free memory corruption vulnerability in the Chromoting component of Google Chrome on Linux. Chromoting is the core technology behind Chrome Remote Desktop, managing screen sharing and remote control sessions. An attacker can trigger this flaw by sending specially crafted network traffic to a target system running an affected Chrome version. Successful exploitation requires user interaction, such as clicking a malicious link or connecting to an attacker-controlled remote desktop session.

The vulnerability carries a CVSS score of 8.8 (High) with a network attack vector and low attack complexity. No privileges are required to initiate the attack.

Impact

A remote, unauthenticated attacker who successfully exploits CVE-2026-7898 can execute arbitrary code in the context of the Chrome browser process on a Linux host. This could lead to full compromise of the browser session, including access to credentials, cookies, and other sensitive data stored locally. In enterprise environments, an attacker could pivot from the compromised browser to internal network resources.

Remediation and Mitigation

Google has addressed CVE-2026-7898 in Chrome version 148.0.7778.96 for Linux. Organizations should:

  • Update immediately - Ensure all Linux endpoints running Chrome are updated to version 148.0.7778.96 or later. Chrome typically updates automatically; verify with chrome://settings/help.
  • Restrict remote desktop access - Until patched, consider disabling Chrome Remote Desktop or restricting its use to trusted networks.
  • Monitor for suspicious activity - Review Chrome processes and network connections for anomalous behavior, particularly on Linux systems used for remote administration.
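
The version check from the first step can be scripted for hosts where nobody will open chrome://settings/help. The script below is an added example, not part of the vendor advisory: it parses the banner printed by `google-chrome --version` and compares it field by field against the fixed build 148.0.7778.96. The function names, the `--scan` switch and the two binary names probed are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare an installed Chrome build against the fixed
# version named in this advisory. Function names are illustrative.
FIXED="148.0.7778.96"

# Pull the first four-part dotted version out of a `--version` banner.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+){3}' | head -n 1
}

# Return 0 if version $1 >= version $2. Each field is compared as an
# integer, so 7778.100 sorts after 7778.96 (a string compare gets this wrong).
version_ge() {
    a=$1 b=$2
    for i in 1 2 3 4; do
        af=${a%%.*}; bf=${b%%.*}
        [ "$af" -gt "$bf" ] && return 0
        [ "$af" -lt "$bf" ] && return 1
        a=${a#*.}; b=${b#*.}
    done
    return 0
}

# Print PATCHED/VULNERABLE plus the parsed version, or UNKNOWN if the
# banner holds no recognisable version (treat UNKNOWN as needing review).
classify_banner() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "UNKNOWN"; return 0; fi
    if version_ge "$v" "$FIXED"; then echo "PATCHED $v"; else echo "VULNERABLE $v"; fi
}

# Check every Chrome binary found on PATH; non-zero exit if any is not patched.
scan_host() {
    rc=0
    for bin in google-chrome google-chrome-stable; do
        command -v "$bin" >/dev/null 2>&1 || continue
        result=$(classify_banner "$("$bin" --version 2>/dev/null)")
        echo "$bin: $result"
        case $result in PATCHED*) ;; *) rc=1 ;; esac
    done
    return $rc
}

# Run the host scan only when asked, e.g. `sh check_chrome.sh --scan`.
if [ "${1:-}" = "--scan" ]; then scan_host; exit $?; fi
```

A running browser keeps the old binary mapped until it is relaunched, so a PATCHED result on disk still needs a browser restart to take effect.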

Security Insight

CVE-2026-7898 highlights a recurring pattern in browser security: remote desktop and screen-sharing components are often less rigorously audited than core rendering engines. This vulnerability echoes past Chromoting bugs (see CISA Adds Actively Exploited Linux Root Bug CVE-2026-31) and reinforces the importance of treating remote-access features as high-risk attack surfaces. The Weekly Threat Roundup: Apache & cPanel Zero-Days (Apr 27 - May 3) and recent SAP npm packages compromised in credential-stealing attack underscore that software supply chain hygiene requires constant vigilance, even for established vendors like Google.
