CVE-2026-0903

UNKNOWN

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144

Published Jan 20, 2026

Modified Today

Fix available

Details

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)

Affected Packages

Google Chrome

Windows 10 (1507)Windows 10 (1607) / Server 2016Windows 10 (1809) / Server 2019Windows 10 (1903)Windows 10 (1909)

Fixed in:

144.0.7559.59

References

WEBhttps://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html WEBhttps://issues.chromium.org/issues/444803530 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2026-0903

Weakness Type (CWE)

Input Validation

CWE-20

Improper Input Validation

Ecosystems(20)

Windows 10 (1507)Windows 10 (1607) / Server 2016 Windows 10 (1809) / Server 2019 Windows 10 (1903)Windows 10 (1909)

Timeline

PublishedJan 20, 2026

ModifiedJan 20, 2026