Insufficient Input Validation in Google Chrome's Payments on Android Devices
CVE-2026-7993

Currently unrated

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-7993?

A vulnerability in the Payments feature of Google Chrome on Android devices allows a remote attacker to exploit insufficient validation of untrusted input. By compromising the renderer process, an attacker can spoof the Omnibox content using a specially crafted HTML page. This can lead to deceptive user experiences and potentially facilitate further attacks. Users are urged to update their browser to the latest version to mitigate this risk.

Affected Version(s)

Chrome 148.0.7778.96

References

https://chromereleases.googleblog.com/2026/05/stable-chan...

https://issues.chromium.org/issues/499099003

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 5, 2026

CVE-2026-7993 Data

JSON