CVE-2026-2319
Published: 11 February 2026
Summary
CVE-2026-2319 is a high-severity Race Condition (CWE-362) vulnerability in Google Chrome. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 8.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-2319 is a race condition vulnerability (CWE-362) in the DevTools component of Google Chrome prior to version 145.0.7632.45. Published on 2026-02-11, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) and is classified as Medium severity by Chromium security.
A remote attacker can exploit this vulnerability by convincing a targeted user to engage in specific UI gestures and install a malicious extension. Successful exploitation could lead to object corruption via a malicious file, potentially resulting in high impacts to confidentiality, integrity, and availability.
Advisories recommend updating to Google Chrome 145.0.7632.45 or later for mitigation, as outlined in the Chrome Releases stable channel update at https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html and the associated Chromium issue at https://issues.chromium.org/issues/40071155.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6213
Vulnerability details
Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity:…
more
Medium)
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability requires user interaction to install malicious extension and perform UI gestures, directly facilitating T1204.002 (Malicious File) and T1176.001 (Browser Extensions) for object corruption.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the race condition vulnerability by requiring timely remediation through patching to Chrome 145.0.7632.45 or later as recommended in advisories.
Prevents exploitation by enforcing organizational policies that prohibit or monitor user installation of the malicious extension required for the attack.
Deploys mechanisms to detect and block the malicious extension and file used to trigger object corruption via the DevTools race condition.