CVE-2026-2319

High

Published: 11 February 2026

Published

11 February 2026

Modified

13 February 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0003 8.0th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2319 is a high-severity Race Condition (CWE-362) vulnerability in Google Chrome. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 8.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002) and 1 other technique.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

AU-8 Time Stamps

addresses: CWE-362

Accurate timestamps from internal clocks enable detection of race conditions by providing reliable event ordering in audit logs.

PL-6 Security-related Activity Planning

addresses: CWE-362

Coordination of concurrent security activities reduces the probability that shared resources will be accessed simultaneously without proper synchronization.

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

T1176.001 Browser Extensions Persistence

Adversaries may abuse internet browser extensions to establish persistent access to victim systems.

attack.mitre.org →

Why these techniques?

Vulnerability requires user interaction to install malicious extension and perform UI gestures, directly facilitating T1204.002 (Malicious File) and T1176.001 (Browser Extensions) for object corruption.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity:…

Medium)

Deeper analysisAI

CVE-2026-2319 is a race condition vulnerability (CWE-362) in the DevTools component of Google Chrome prior to version 145.0.7632.45. Published on 2026-02-11, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) and is classified as Medium severity by Chromium security.

A remote attacker can exploit this vulnerability by convincing a targeted user to engage in specific UI gestures and install a malicious extension. Successful exploitation could lead to object corruption via a malicious file, potentially resulting in high impacts to confidentiality, integrity, and availability.

Advisories recommend updating to Google Chrome 145.0.7632.45 or later for mitigation, as outlined in the Chrome Releases stable channel update at https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html and the associated Chromium issue at https://issues.chromium.org/issues/40071155.

Details

CWE(s): CWE-362

Affected Products

google

chrome

≤ 145.0.7632.45

CVEs Like This One

CVE-2026-3063Same product: Apple Macos

CVE-2025-8880Same product: Apple Macos

CVE-2026-5902Same product: Apple Macos

CVE-2026-4458Same product: Apple Macos

CVE-2026-3539Same product: Apple Macos

CVE-2026-5287Same product: Apple Macos

CVE-2026-5908Same product: Apple Macos

CVE-2026-5904Same product: Apple Macos

CVE-2026-6305Same product: Apple Macos

CVE-2025-8576Same product: Apple Macos

References

https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html
Release Notes, Vendor Advisory · chrome-cve-admin@google.com
https://issues.chromium.org/issues/40071155
Permissions Required · chrome-cve-admin@google.com