TL;DR
On May 6, 2026, Google and Microsoft disclosed two Chrome vulnerabilities patched in Chrome 148.0.7778.96:
- CVE-2026-7940 — a medium-severity V8 memory flaw exploitable via a malicious browser extension, potentially leading to arbitrary code execution.
- CVE-2026-7937 — a medium-severity Chromium vulnerability in DevTools policy enforcement that lets a malicious extension bypass critical restrictions.
Combined with the ClaudeBleed disclosure on AI extensions and a coordinated 108-extension malware campaign earlier in 2026, the message is clear: extension hygiene matters in 2026. The fix is straightforward — update Chrome, audit your installed extensions, and prefer small, scoped extensions like Convert: Web to PDF for sensitive workflows.
What the two CVEs actually do
CVE-2026-7940 — V8 memory handling
V8 is Chrome's JavaScript engine. The flaw is in how V8 manages memory under specific conditions that a crafted extension can trigger. Exploitation requires:
- A malicious extension installed by the user
- The extension running JavaScript that intentionally triggers the V8 weakness
- Successful memory corruption leading to arbitrary code execution within the renderer process
"Medium severity" because exploitation isn't trivial — it requires user-installed extension code — but the impact (arbitrary code execution) is serious if the chain succeeds.
CVE-2026-7937 — DevTools policy bypass
The DevTools policy enforcement layer is supposed to restrict what extensions can do in Chrome's developer tools context. The flaw allows a malicious extension to bypass those restrictions, gaining capabilities it shouldn't have.
This is a privilege-escalation flaw. The extension can't do anything new from a "totally outside Chrome" standpoint, but it can do more inside Chrome than its declared permissions should allow.
Both were patched in Chrome 148.0.7778.96 and the corresponding Edge build. Update Chrome to that version or later.
The broader 2026 picture
These two CVEs land in a year that already saw:
| Event | Date | Impact |
|---|---|---|
| 108-extension malware campaign | Q1 2026 | User data exfiltration from many users |
| Multiple Chrome zero-days | Throughout 2026 | Various; patches via Chrome updates |
| ClaudeBleed (AI agent extension) | Early May 2026 | Cross-extension agent hijack |
| CVE-2026-7940 (V8) | May 6, 2026 | Arbitrary code execution via extension |
| CVE-2026-7937 (DevTools) | May 6, 2026 | Privilege escalation via extension |
The pattern: extensions are increasingly the attack surface. Browsers have hardened the core engine; extensions are the next softest layer.
How the attack chain typically works
For CVE-2026-7940 specifically:
- User installs a malicious or compromised extension (either directly, or a previously legitimate extension that gets sold to a bad actor and updates to malicious code).
- The extension declares modest permissions on install, looking innocuous.
- The extension's code triggers the V8 flaw under specific conditions.
- The V8 corruption gives the extension execution capabilities beyond what its declared permissions should allow.
- From there, the extension can read content from pages it shouldn't be able to, exfiltrate session tokens, or escalate further.
The defense: don't install untrusted extensions; keep Chrome updated; review installed extension permissions regularly.
Why "least privilege" extensions matter
The bigger the gap between an extension's declared capabilities and the worst-case capabilities under privilege escalation, the worse the impact of a CVE like this.
Consider two extreme cases:
High-privilege extension (an AI agent that reads all tabs, holds session tokens, sends emails on your behalf, has "access all websites"):
- If hit by CVE-2026-7940, the attacker gains arbitrary code execution inside an already very privileged context.
- Blast radius: enormous — Gmail, Drive, GitHub, banking sites, internal portals.
Low-privilege extension (a single-tab PDF capture tool with activeTab and downloads permissions):
- If hit by the same CVE, the attacker gains arbitrary code execution inside a much more limited context.
- Blast radius: small — the current tab and the downloads folder.
Convert: Web to PDF is firmly in the second category. It declares the minimum permissions needed to read the current tab and save a PDF — nothing more.
A pragmatic post-CVE checklist
Steps to take this week, in order:
1. Update Chrome
Open chrome://settings/help. Confirm you're on Chrome 148.0.7778.96 or later. If not, that page checks for the update; relaunch Chrome to apply it.
2. Audit your installed extensions
Open chrome://extensions/. For each extension:
- Click "Details"
- Check the "Permissions" section
- Look for "Read and change all your data on all websites" — that's the high-privilege flag
- Look for "Manage your downloads," "Read your browsing history," "Communicate with cooperating native applications" — additional risk signals
Anything you don't use: remove. Anything you use only rarely: set Site Access to "On click."
3. Review extension provenance
For extensions still installed:
- Is the developer name reputable?
- Does the Chrome Web Store listing have a long review history with consistent quality?
- Was the extension recently sold or transferred (visible from update history)?
- Does the extension's update behavior match its declared functionality?
Extensions that have been sold to new owners are a common vector — they look legitimate (because they were) but quietly update to malicious code under new ownership.
4. Lock down high-privilege extensions
For any extension you keep that has "access all websites":
- In chrome://extensions/ → Details → Site access, choose "On click" or limit the extension to specific sites
- This way, the extension doesn't run on every page automatically — it only runs when you explicitly trigger it
5. Prefer scoped extensions for sensitive work
For workflows touching sensitive data — HR, legal, medical, banking, internal company tools — use small, single-purpose extensions whose declared permissions are minimal.
Convert: Web to PDF for save-as-PDF, Convert: Anything to PDF for file conversion, ScrapeMaster for structured extraction — each does one job, with minimum scope.
A side-by-side: low-permission vs high-permission
| Extension type | Reads all tabs | Session token reach | Outbound network | Cross-context actions | Blast radius if pwned |
|---|---|---|---|---|---|
| AI agent extension | Yes | Yes | Yes | Yes | Very high |
| Password manager | Limited (form fields) | Limited (vault unlock) | Yes | Limited | High |
| Ad blocker | Yes (read) | No | Limited | No | Medium |
| PDF capture (Convert: Web to PDF) | No (current tab only) | No | No | No | Low |
| File conversion (Convert: Anything to PDF) | No | No | No | No | Low |
For sensitive workflows, prefer the lower rows.
How Chrome's extension model handles CVE response
Chrome auto-updates by default, which means most users get patches within days of release. If you've disabled auto-update (some enterprise environments do), explicitly update.
The Web Store also has the ability to remotely disable malicious extensions. If an extension is identified as exploiting a CVE, Google can disable it across all installed users within hours. That's a strong backstop but not infinite — the window between exploitation and detection matters.
Verifying an extension's local-only behavior
For extensions claiming to be "local-only," you can verify with Chrome's developer tools:
- Open the page you want to convert / scrape / process
- Open DevTools (F12)
- Switch to the Network tab
- Trigger the extension
- Watch for any outbound requests
A truly local extension generates zero network requests during its core operation. Convert: Web to PDF, Convert: Anything to PDF, and ScrapeMaster (for the extraction step itself) don't make network calls during their primary actions.
This is a useful smoke test you can run on any "privacy-focused" extension. If you see requests going out, the data flow isn't actually local.
What about Edge, Brave, Opera, Arc?
The Chromium codebase underpins Edge, Brave, Opera, Arc, and most agentic browsers (Atlas, Comet). The same CVEs apply. Each Chromium-based browser typically picks up the patch within days of Chrome's release, but timing varies.
- Edge 148 — patched the same day as Chrome 148.0.7778.96
- Brave / Opera — follow Chromium updates closely; check version
- Arc — typically a few days behind upstream
- Atlas / Comet — depends on the vendor's Chromium snapshot schedule; potentially longer lag
For high-sensitivity workflows, use a browser that you know is on the latest upstream.
A note on AI browser extensions specifically
ClaudeBleed (early May 2026) showed that AI browser agents have a different threat model than regular extensions. The combination of cross-tab access, authenticated session reach, and the ability to take actions on the user's behalf turns any AI extension flaw into a high-impact event.
For PDF workflows, you don't need an AI agent. A small, local-only PDF extension covers 95% of save-this-page use cases without any of the AI-agent risk. Save the AI tools for tasks where the agent's capability is the actual point — research synthesis, multi-step drafting, comparative analysis on non-sensitive material.
If you want to track AI model capabilities for that work, CineMan AI compares the major models side-by-side without uploading anything.
What "good extension hygiene" looks like in 2026
A reasonable baseline:
| Practice | Why |
|---|---|
| Update Chrome weekly | Picks up CVE patches |
| Audit extensions quarterly | Removes accumulation of unused/risky extensions |
| Per-site permissions for high-privilege extensions | Reduces ambient blast radius |
| Use scoped extensions for sensitive work | Limits worst-case impact |
| Verify local-only behavior via DevTools | Confirms claims |
| Watch CVE feeds for Chrome | Catches major issues fast |
| Subscribe to LayerX / Chromium security advisories | Specifically for extension risk |
Most users do none of these. Doing even the first three puts you ahead of 95% of the population.
Frequently asked questions
Q: Am I affected by CVE-2026-7940 if I have no extensions installed?
The CVE requires a malicious extension to trigger. Users with no extensions installed aren't exposed via this specific vector — though other CVEs from the same release affect users regardless of extensions, so update Chrome anyway.
Q: Does Convert: Web to PDF expose me to either CVE?
Convert: Web to PDF doesn't attempt to bypass DevTools policy or exploit V8 — it uses standard Chrome capture APIs. The CVEs are about malicious extensions deliberately exploiting flaws; legitimate extensions follow the documented APIs.
Q: Is there a single canonical list of malicious extensions to avoid?
No single list — but Google's Chrome Web Store removes confirmed malicious extensions, security firms publish lists of recent campaigns, and CISA advisories cover the largest incidents. Subscribing to one or two security-news feeds (LayerX, BleepingComputer, BushidoSec) is enough for most users.
Q: How do I check what version of Chrome I'm on?
Open chrome://settings/help. The version is at the top. As of May 14, 2026, you want 148.0.7778.96 or later.
Q: Does Manifest V3 fix these issues?
MV3 narrows certain categories of risk (background pages, remotely hosted code, some content-script behaviors) but doesn't fix V8 memory flaws or DevTools policy bypasses. Those are Chrome-engine-level issues independent of manifest version.
Q: What about extensions on Firefox?
Different codebase, different flaws. Firefox WebExtensions don't share the V8 codepath. But Firefox has its own vulnerability cycle; the same hygiene applies (update browser, audit extensions, prefer scoped ones).
Q: Can I disable extensions in Incognito?
Yes — in chrome://extensions/ → Details, toggle "Allow in Incognito." Default is off. For sensitive sessions, opening Incognito with no extensions is the cleanest posture.
Q: How do I report a suspected vulnerability in an extension?
For Chrome itself, the Chrome Vulnerability Reward Program covers extension-related Chrome bugs. For a specific extension, contact the developer through the listing page or, if you suspect malice, flag concern via the Chrome Web Store.
Q: What's the realistic risk of any of this happening to me?
For most users, low — these vulnerabilities require both a malicious extension and an exploit triggering the CVE. The base rate of installing genuinely malicious extensions is low if you stick to Web Store-listed extensions from reputable developers. But the cost of getting it wrong (data exfiltration, account compromise) is high. Hygiene is cheap insurance.
Q: Should I uninstall my AI browser extensions just in case?
Judgment call. If you don't use them much, yes — remove them to reduce attack surface. If you do, audit permissions, keep Chrome updated, and avoid using them on high-sensitivity workflows (banking, HR, legal).
Q: How fast does Google patch new CVEs?
Generally, days to weeks from disclosure to patched Chrome release. May 6 was the disclosure-and-patch day for these two — patches were already in 148.0.7778.96 at the time of public disclosure.
Q: Does this affect mobile Chrome?
Mobile Chrome doesn't support extensions (yet), so extension-vector CVEs don't apply. Mobile Chrome has its own patch cycle for other engine issues.
Bottom line
CVE-2026-7940 and CVE-2026-7937 are reminders that extensions are a real attack surface in 2026. The patches are easy — update Chrome to 148.0.7778.96 or later — but the deeper lesson is structural.
Audit your extensions. Remove what you don't use. Limit permissions on the high-privilege ones. Prefer scoped, single-purpose extensions for sensitive workflows — like Convert: Web to PDF, Convert: Anything to PDF, and ScrapeMaster, each of which does one job in one context with minimum permissions.
That's the entire defense. The next CVE will land. The hygiene that protected you against this one will protect you against that one too.