CVE-2026-0903

Bypass Dangerous File Type Protections in Chrome Downloads on Windows

Description

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)

INFO

Published Date :

2026-01-20T04:14:15.784Z

Last Modified :

2026-01-20T15:28:59.338Z

Source :

Chrome

AFFECTED PRODUCTS

The following products are affected by CVE-2026-0903 vulnerability.

Vendors	Products
Apple	Macos
Google	Chrome
Linux	Linux Kernel
Microsoft	Windows

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-0903.

URL	Resource
https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html
https://issues.chromium.org/issues/444803530

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact