Cyber Resilience

CVE-2026-2319

High

Published: 11 February 2026

Published
11 February 2026
Modified
13 February 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 8.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2319 is a high-severity Race Condition (CWE-362) vulnerability in Google Chrome. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 8.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-2319 is a race condition vulnerability (CWE-362) in the DevTools component of Google Chrome prior to version 145.0.7632.45. Published on 2026-02-11, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) and is classified as Medium severity by Chromium security.

A remote attacker can exploit this vulnerability by convincing a targeted user to engage in specific UI gestures and install a malicious extension. Successful exploitation could lead to object corruption via a malicious file, potentially resulting in high impacts to confidentiality, integrity, and availability.

Advisories recommend updating to Google Chrome 145.0.7632.45 or later for mitigation, as outlined in the Chrome Releases stable channel update at https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html and the associated Chromium issue at https://issues.chromium.org/issues/40071155.

EU & UK References

Vulnerability details

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity:…

more

Medium)

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
T1176.001 Browser Extensions Persistence
Adversaries may abuse internet browser extensions to establish persistent access to victim systems.
Why these techniques?

Vulnerability requires user interaction to install malicious extension and perform UI gestures, directly facilitating T1204.002 (Malicious File) and T1176.001 (Browser Extensions) for object corruption.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-10006Same product: Apple Macos
CVE-2026-8520Same product: Apple Macos
CVE-2026-3063Same product: Apple Macos
CVE-2025-8880Same product: Apple Macos
CVE-2026-5902Same product: Apple Macos
CVE-2026-4458Same product: Apple Macos
CVE-2026-3539Same product: Apple Macos
CVE-2026-7976Same product: Apple Macos
CVE-2026-6306Same product: Apple Macos
CVE-2026-6305Same product: Apple Macos

Affected Assets

google
chrome
≤ 145.0.7632.45

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the race condition vulnerability by requiring timely remediation through patching to Chrome 145.0.7632.45 or later as recommended in advisories.

prevent

Prevents exploitation by enforcing organizational policies that prohibit or monitor user installation of the malicious extension required for the attack.

preventdetect

Deploys mechanisms to detect and block the malicious extension and file used to trigger object corruption via the DevTools race condition.

References