Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
9237 vulnerabilities found for Chrome by Google
CERTFR-2026-AVI-0407
Vulnerability from certfr_avis - Published: 2026-04-09 - Updated: 2026-04-09
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Chrome versions ant\u00e9rieures \u00e0 147.0.7727.55/56 pour Windows et Mac",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Chrome versions ant\u00e9rieures \u00e0 147.0.7727.55 pour Linux",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-5879",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5879"
},
{
"name": "CVE-2026-5872",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5872"
},
{
"name": "CVE-2026-5905",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5905"
},
{
"name": "CVE-2026-5902",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5902"
},
{
"name": "CVE-2026-5875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5875"
},
{
"name": "CVE-2026-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5914"
},
{
"name": "CVE-2026-5898",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5898"
},
{
"name": "CVE-2026-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5878"
},
{
"name": "CVE-2026-5899",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5899"
},
{
"name": "CVE-2026-5886",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5886"
},
{
"name": "CVE-2026-5877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5877"
},
{
"name": "CVE-2026-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5918"
},
{
"name": "CVE-2026-5913",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5913"
},
{
"name": "CVE-2026-5867",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5867"
},
{
"name": "CVE-2026-5897",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5897"
},
{
"name": "CVE-2026-5876",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5876"
},
{
"name": "CVE-2026-5881",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5881"
},
{
"name": "CVE-2026-5880",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5880"
},
{
"name": "CVE-2026-5896",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5896"
},
{
"name": "CVE-2026-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5868"
},
{
"name": "CVE-2026-5903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5903"
},
{
"name": "CVE-2026-5882",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5882"
},
{
"name": "CVE-2026-5904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5904"
},
{
"name": "CVE-2026-5911",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5911"
},
{
"name": "CVE-2026-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5871"
},
{
"name": "CVE-2026-5883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5883"
},
{
"name": "CVE-2026-5909",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5909"
},
{
"name": "CVE-2026-5895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5895"
},
{
"name": "CVE-2026-5912",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5912"
},
{
"name": "CVE-2026-5894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5894"
},
{
"name": "CVE-2026-5863",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5863"
},
{
"name": "CVE-2026-5893",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5893"
},
{
"name": "CVE-2026-5858",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5858"
},
{
"name": "CVE-2026-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5908"
},
{
"name": "CVE-2026-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5869"
},
{
"name": "CVE-2026-5885",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5885"
},
{
"name": "CVE-2026-5864",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5864"
},
{
"name": "CVE-2026-5861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5861"
},
{
"name": "CVE-2026-5874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5874"
},
{
"name": "CVE-2026-5919",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5919"
},
{
"name": "CVE-2026-5906",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5906"
},
{
"name": "CVE-2026-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5889"
},
{
"name": "CVE-2026-5887",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5887"
},
{
"name": "CVE-2026-5860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5860"
},
{
"name": "CVE-2026-5900",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5900"
},
{
"name": "CVE-2026-5888",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5888"
},
{
"name": "CVE-2026-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5870"
},
{
"name": "CVE-2026-5884",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5884"
},
{
"name": "CVE-2026-5891",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5891"
},
{
"name": "CVE-2026-5866",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5866"
},
{
"name": "CVE-2026-5865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5865"
},
{
"name": "CVE-2026-5907",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5907"
},
{
"name": "CVE-2026-5892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5892"
},
{
"name": "CVE-2026-5859",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5859"
},
{
"name": "CVE-2026-5910",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5910"
},
{
"name": "CVE-2026-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5915"
},
{
"name": "CVE-2026-5873",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5873"
},
{
"name": "CVE-2026-5890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5890"
},
{
"name": "CVE-2026-5862",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5862"
},
{
"name": "CVE-2026-5901",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5901"
}
],
"initial_release_date": "2026-04-09T00:00:00",
"last_revision_date": "2026-04-09T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0407",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Google Chrome",
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
}
]
}
CVE-2026-5919 (GCVE-0-2026-5919)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-09 14:24
VLAI?
Summary
Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Severity ?
6.5 (Medium)
CWE
- CWE-20 - Insufficient validation of untrusted input
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T14:22:34.544048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:24:28.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Insufficient validation of untrusted input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:07.618Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/483423893"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5919",
"datePublished": "2026-04-08T21:21:07.618Z",
"dateReserved": "2026-04-08T20:10:22.501Z",
"dateUpdated": "2026-04-09T14:24:28.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5918 (GCVE-0-2026-5918)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-09 14:32
VLAI?
Summary
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Severity ?
4.3 (Medium)
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T14:31:29.467482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:32:05.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:07.218Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/490139441"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5918",
"datePublished": "2026-04-08T21:21:07.218Z",
"dateReserved": "2026-04-08T20:10:22.013Z",
"dateUpdated": "2026-04-09T14:32:05.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5915 (GCVE-0-2026-5915)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-09 14:35
VLAI?
Summary
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Severity ?
8.1 (High)
CWE
- CWE-20 - Insufficient validation of untrusted input
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T14:34:34.786743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:35:09.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Insufficient validation of untrusted input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:06.835Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/494341335"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5915",
"datePublished": "2026-04-08T21:21:06.835Z",
"dateReserved": "2026-04-08T19:34:47.097Z",
"dateUpdated": "2026-04-09T14:35:09.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5914 (GCVE-0-2026-5914)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-09 14:52
VLAI?
Summary
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Severity ?
8.8 (High)
CWE
- CWE-843 - Type Confusion
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T14:51:33.022588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:52:06.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "Type Confusion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:06.501Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/490023239"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5914",
"datePublished": "2026-04-08T21:21:06.501Z",
"dateReserved": "2026-04-08T19:34:46.841Z",
"dateUpdated": "2026-04-09T14:52:06.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5913 (GCVE-0-2026-5913)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-08 21:21
VLAI?
Summary
Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out of bounds read
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out of bounds read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:06.156Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/487195286"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5913",
"datePublished": "2026-04-08T21:21:06.156Z",
"dateReserved": "2026-04-08T19:34:46.615Z",
"dateUpdated": "2026-04-08T21:21:06.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5912 (GCVE-0-2026-5912)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-09 15:03
VLAI?
Summary
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Severity ?
8.8 (High)
CWE
- CWE-472 - Integer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T15:03:09.242693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:03:38.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:05.665Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/486498791"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5912",
"datePublished": "2026-04-08T21:21:05.665Z",
"dateReserved": "2026-04-08T19:34:46.388Z",
"dateUpdated": "2026-04-09T15:03:38.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5911 (GCVE-0-2026-5911)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-09 15:07
VLAI?
Summary
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Severity ?
4.3 (Medium)
CWE
- Policy bypass
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T15:07:13.557844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:07:52.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Policy bypass",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:05.248Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/485785246"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5911",
"datePublished": "2026-04-08T21:21:05.248Z",
"dateReserved": "2026-04-08T19:34:46.189Z",
"dateUpdated": "2026-04-09T15:07:52.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5910 (GCVE-0-2026-5910)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-09 15:12
VLAI?
Summary
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Severity ?
8.8 (High)
CWE
- CWE-472 - Integer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T15:11:08.626567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:12:41.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:04.841Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/485212874"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5910",
"datePublished": "2026-04-08T21:21:04.841Z",
"dateReserved": "2026-04-08T19:34:45.984Z",
"dateUpdated": "2026-04-09T15:12:41.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5909 (GCVE-0-2026-5909)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-09 15:25
VLAI?
Summary
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Severity ?
8.8 (High)
CWE
- CWE-472 - Integer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T15:23:42.928541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:25:05.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:04.162Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/485203821"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5909",
"datePublished": "2026-04-08T21:21:04.162Z",
"dateReserved": "2026-04-08T19:34:45.718Z",
"dateUpdated": "2026-04-09T15:25:05.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5908 (GCVE-0-2026-5908)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-09 15:29
VLAI?
Summary
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Severity ?
8.8 (High)
CWE
- CWE-472 - Integer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T15:28:27.090481Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:29:01.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:03.818Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/485115554"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5908",
"datePublished": "2026-04-08T21:21:03.818Z",
"dateReserved": "2026-04-08T19:34:44.856Z",
"dateUpdated": "2026-04-09T15:29:01.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5907 (GCVE-0-2026-5907)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-09 15:32
VLAI?
Summary
Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)
Severity ?
8.1 (High)
CWE
- Insufficient data validation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T15:31:54.603943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:32:33.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient data validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:03.423Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/484665123"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5907",
"datePublished": "2026-04-08T21:21:03.423Z",
"dateReserved": "2026-04-08T19:34:44.654Z",
"dateUpdated": "2026-04-09T15:32:33.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5906 (GCVE-0-2026-5906)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-09 15:42
VLAI?
Summary
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Severity ?
4.3 (Medium)
CWE
- Incorrect security UI
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T15:41:15.539466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:42:03.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:02.617Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/484082189"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5906",
"datePublished": "2026-04-08T21:21:02.617Z",
"dateReserved": "2026-04-08T19:34:44.359Z",
"dateUpdated": "2026-04-09T15:42:03.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5905 (GCVE-0-2026-5905)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-09 15:55
VLAI?
Summary
Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity ?
6.5 (Medium)
CWE
- Incorrect security UI
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T15:54:00.424752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:55:38.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:01.314Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/483899628"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5905",
"datePublished": "2026-04-08T21:21:01.314Z",
"dateReserved": "2026-04-08T19:34:44.127Z",
"dateUpdated": "2026-04-09T15:55:38.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5904 (GCVE-0-2026-5904)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-08 21:21
VLAI?
Summary
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:00.932Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/483851888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5904",
"datePublished": "2026-04-08T21:21:00.932Z",
"dateReserved": "2026-04-08T19:34:43.875Z",
"dateUpdated": "2026-04-08T21:21:00.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5903 (GCVE-0-2026-5903)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-08 21:21
VLAI?
Summary
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Severity ?
No CVSS data available.
CWE
- Policy bypass
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Policy bypass",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:00.551Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/483771899"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5903",
"datePublished": "2026-04-08T21:21:00.551Z",
"dateReserved": "2026-04-08T19:34:43.635Z",
"dateUpdated": "2026-04-08T21:21:00.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5902 (GCVE-0-2026-5902)
Vulnerability from nvd – Published: 2026-04-08 21:21 – Updated: 2026-04-08 21:21
VLAI?
Summary
Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)
Severity ?
No CVSS data available.
CWE
- CWE-362 - Race
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Race",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:21:00.103Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/483109205"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5902",
"datePublished": "2026-04-08T21:21:00.103Z",
"dateReserved": "2026-04-08T19:34:43.375Z",
"dateUpdated": "2026-04-08T21:21:00.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5901 (GCVE-0-2026-5901)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-08 21:20
VLAI?
Summary
Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security severity: Low)
Severity ?
No CVSS data available.
CWE
- Policy bypass
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Policy bypass",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:59.391Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/479673903"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5901",
"datePublished": "2026-04-08T21:20:59.391Z",
"dateReserved": "2026-04-08T19:34:43.144Z",
"dateUpdated": "2026-04-08T21:20:59.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5900 (GCVE-0-2026-5900)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-08 21:20
VLAI?
Summary
Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)
Severity ?
No CVSS data available.
CWE
- Policy bypass
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Policy bypass",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:59.034Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/475265304"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5900",
"datePublished": "2026-04-08T21:20:59.034Z",
"dateReserved": "2026-04-08T19:34:42.921Z",
"dateUpdated": "2026-04-08T21:20:59.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5899 (GCVE-0-2026-5899)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-08 21:20
VLAI?
Summary
Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
Severity ?
No CVSS data available.
CWE
- Incorrect security UI
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:58.656Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/474817168"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5899",
"datePublished": "2026-04-08T21:20:58.656Z",
"dateReserved": "2026-04-08T19:34:42.721Z",
"dateUpdated": "2026-04-08T21:20:58.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5898 (GCVE-0-2026-5898)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-08 21:20
VLAI?
Summary
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity ?
No CVSS data available.
CWE
- Incorrect security UI
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:58.284Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/470295118"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5898",
"datePublished": "2026-04-08T21:20:58.284Z",
"dateReserved": "2026-04-08T19:34:42.491Z",
"dateUpdated": "2026-04-08T21:20:58.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5897 (GCVE-0-2026-5897)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-08 21:20
VLAI?
Summary
Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity ?
No CVSS data available.
CWE
- Incorrect security UI
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:57.861Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/419921726"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5897",
"datePublished": "2026-04-08T21:20:57.861Z",
"dateReserved": "2026-04-08T19:34:42.284Z",
"dateUpdated": "2026-04-08T21:20:57.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5896 (GCVE-0-2026-5896)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-08 21:20
VLAI?
Summary
Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low)
Severity ?
No CVSS data available.
CWE
- Policy bypass
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Policy bypass",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:57.512Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/40064543"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5896",
"datePublished": "2026-04-08T21:20:57.512Z",
"dateReserved": "2026-04-08T19:34:41.736Z",
"dateUpdated": "2026-04-08T21:20:57.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5895 (GCVE-0-2026-5895)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-08 21:20
VLAI?
Summary
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)
Severity ?
No CVSS data available.
CWE
- Incorrect security UI
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:57.110Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/374285495"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5895",
"datePublished": "2026-04-08T21:20:57.110Z",
"dateReserved": "2026-04-08T19:34:41.346Z",
"dateUpdated": "2026-04-08T21:20:57.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5894 (GCVE-0-2026-5894)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-08 21:20
VLAI?
Summary
Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Severity ?
No CVSS data available.
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:56.746Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/481882038"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5894",
"datePublished": "2026-04-08T21:20:56.746Z",
"dateReserved": "2026-04-08T19:34:41.121Z",
"dateUpdated": "2026-04-08T21:20:56.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5893 (GCVE-0-2026-5893)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-08 21:20
VLAI?
Summary
Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
No CVSS data available.
CWE
- CWE-362 - Race
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Race",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:55.922Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/487768771"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5893",
"datePublished": "2026-04-08T21:20:55.922Z",
"dateReserved": "2026-04-08T19:34:40.926Z",
"dateUpdated": "2026-04-08T21:20:55.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5892 (GCVE-0-2026-5892)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-08 21:20
VLAI?
Summary
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
No CVSS data available.
CWE
- Insufficient policy enforcement
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:54.153Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/487568011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5892",
"datePublished": "2026-04-08T21:20:54.153Z",
"dateReserved": "2026-04-08T19:34:40.655Z",
"dateUpdated": "2026-04-08T21:20:54.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5891 (GCVE-0-2026-5891)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-08 21:20
VLAI?
Summary
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
No CVSS data available.
CWE
- Insufficient policy enforcement
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:53.739Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/487471101"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5891",
"datePublished": "2026-04-08T21:20:53.739Z",
"dateReserved": "2026-04-08T19:34:40.426Z",
"dateUpdated": "2026-04-08T21:20:53.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5890 (GCVE-0-2026-5890)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-09 20:12
VLAI?
Summary
Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
No CVSS data available.
CWE
- CWE-362 - Race
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T18:35:55.934601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T20:12:08.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Race",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:53.327Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/487259772"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5890",
"datePublished": "2026-04-08T21:20:53.327Z",
"dateReserved": "2026-04-08T19:34:40.168Z",
"dateUpdated": "2026-04-09T20:12:08.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5889 (GCVE-0-2026-5889)
Vulnerability from nvd – Published: 2026-04-08 21:20 – Updated: 2026-04-08 21:20
VLAI?
Summary
Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)
Severity ?
No CVSS data available.
CWE
- Cryptographic Flaw
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "147.0.7727.55",
"status": "affected",
"version": "147.0.7727.55",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cryptographic Flaw",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T21:20:52.705Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/486906037"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5889",
"datePublished": "2026-04-08T21:20:52.705Z",
"dateReserved": "2026-04-08T19:34:39.903Z",
"dateUpdated": "2026-04-08T21:20:52.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}