CVE-2026-5875

Published: Apr 8, 2026Modified: Apr 13, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Affected (1)

Products: Google: Chrome

Google

1 product

Chrome

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 147.0.7727.55

Running on/with	Platform Versions
Apple Macos	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

Release NotesVendor Advisory

https://issues.chromium.org/issues/430198264

Source: chrome-cve-admin@google.com

Permissions Required

Timeline

No history available yet.