CVE-2026-5915
published 2026-04-08CVE-2026-5915: Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write…
high8.1CVSS 3.1
AVNACLPRNUIRSUCNIHAH
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | chromium | < chromium 147.0.7727.55-1 (sid) | chromium 147.0.7727.55-1 (sid) |
| chrome | < 147.0.7727.55 | 147.0.7727.55 | |
| chrome | >= 147.0.7727.55 < 147.0.7727.55 | 147.0.7727.55 | |
| chrome_chrome | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
osv8.1HIGH
GHSA
GHSA-88qr-f9fq-422w: Insufficient validation of untrusted input in WebML in Google Chrome prior to 147
ghsa_unreviewed·2026-04-09
CVE-2026-5915 [HIGH] CWE-20 GHSA-88qr-f9fq-422w: Insufficient validation of untrusted input in WebML in Google Chrome prior to 147
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
OSV
CVE-2026-5915: Insufficient validation of untrusted input in WebML in Google Chrome prior to 147
osv·2026-04-08·CVSS 8.1
CVE-2026-5915 [HIGH] CVE-2026-5915: Insufficient validation of untrusted input in WebML in Google Chrome prior to 147
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Chrome
Stable Channel Update for Desktop: CVE-2026-5915
vendor_chrome·2026-04-07·CVSS 8.1
CVE-2026-5915 [LOW] Stable Channel Update for Desktop: CVE-2026-5915
Stable Channel Update for Desktop
CVE-2026-5915: Insufficient validation of untrusted input in WebML. Reported by ningxin
Severity: low
Red Hat
chromium-browser: Insufficient validation of untrusted input in WebML
vendor_redhat·2026-04-07·CVSS 8.1
CVE-2026-5915 [HIGH] CWE-787 chromium-browser: Insufficient validation of untrusted input in WebML
chromium-browser: Insufficient validation of untrusted input in WebML
An insufficient validation of untrusted input flaw was found in the WebML component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=494341335
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Debian
CVE-2026-5915: chromium - Insufficient validation of untrusted input in WebML in Google Chrome prior to 14...
vendor_debian·2026·CVSS 8.1
CVE-2026-5915 [HIGH] CVE-2026-5915: chromium - Insufficient validation of untrusted input in WebML in Google Chrome prior to 14...
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
No detection rules found.
No public exploits indexed.
Sans Isc
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
blogs_sans_isc·2026-04-14·CVSS 8.8
[HIGH] Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
Microsoft Patch Tuesday April 2026.
Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening
The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.
Noteworthy Vulnerabilities:
CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love thes
Wiz
CVE-2026-5906 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2026-5906 [MEDIUM] CVE-2026-5906 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5906 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 4.3
Score
Published April 8, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Apr 09, 2026
Echo Severity MEDIUM No Fix Added at: A
Wiz
CVE-2026-5858 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5858 [HIGH] CVE-2026-5858 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5858 :
Google Chrome vulnerability analysis and mitigation
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
## Ge
Wiz
CVE-2026-5886 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5886 [HIGH] CVE-2026-5886 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5886 :
Google Chrome vulnerability analysis and mitigation
Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Wi
Wiz
CVE-2026-5877 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5877 [HIGH] CVE-2026-5877 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5877 :
Google Chrome vulnerability analysis and mitigation
Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 0
Wiz
CVE-2026-5911 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2026-5911 [MEDIUM] CVE-2026-5911 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5911 :
Google Chrome vulnerability analysis and mitigation
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 4.3
Score
Published April 8, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Apr 09, 2026
Echo Severity MEDIUM No Fix Added at: Apr 09, 2026
Linux Severit
Wiz
CVE-2026-5915 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5915 [HIGH] CVE-2026-5915 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5915 :
Google Chrome vulnerability analysis and mitigation
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 8.1
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 0
Wiz
CVE-2026-5864 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5864 [HIGH] CVE-2026-5864 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5864 :
Google Chrome vulnerability analysis and mitigation
Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows H
Wiz
CVE-2026-5866 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5866 [HIGH] CVE-2026-5866 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5866 :
Google Chrome vulnerability analysis and mitigation
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux Severity H
Wiz
CVE-2026-5892 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5892 [HIGH] CVE-2026-5892 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5892 :
Google Chrome vulnerability analysis and mitigation
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at
Wiz
CVE-2026-5881 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5881 [HIGH] CVE-2026-5881 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5881 :
Google Chrome vulnerability analysis and mitigation
Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09,
Wiz
CVE-2026-5888 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5888 [HIGH] CVE-2026-5888 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5888 :
Google Chrome vulnerability analysis and mitigation
Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows H
Wiz
CVE-2026-5896 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5896 [HIGH] CVE-2026-5896 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5896 :
Google Chrome vulnerability analysis and mitigation
Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr
Wiz
CVE-2026-5859 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5859 [HIGH] CVE-2026-5859 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5859 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 202
Wiz
CVE-2026-5903 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5903 [HIGH] CVE-2026-5903 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5903 :
Google Chrome vulnerability analysis and mitigation
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: A
Wiz
CVE-2026-5875 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5875 [HIGH] CVE-2026-5875 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5875 :
Google Chrome vulnerability analysis and mitigation
Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
## Get a CVE risk
Wiz
CVE-2026-5872 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5872 [HIGH] CVE-2026-5872 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5872 :
Google Chrome vulnerability analysis and mitigation
Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Wiz
CVE-2026-5894 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5894 [HIGH] CVE-2026-5894 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5894 :
Google Chrome vulnerability analysis and mitigation
Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 202
Wiz
CVE-2026-5863 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5863 [HIGH] CVE-2026-5863 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5863 :
Google Chrome vulnerability analysis and mitigation
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: A
Wiz
CVE-2026-5878 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5878 [HIGH] CVE-2026-5878 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5878 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
## Get a
Wiz
CVE-2026-5867 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5867 [HIGH] CVE-2026-5867 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5867 :
Google Chrome vulnerability analysis and mitigation
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has
Wiz
CVE-2026-5891 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5891 [HIGH] CVE-2026-5891 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5891 :
Google Chrome vulnerability analysis and mitigation
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09,
Wiz
CVE-2026-5879 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5879 [HIGH] CVE-2026-5879 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5879 :
Google Chrome vulnerability analysis and mitigation
Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
W
Wiz
CVE-2026-5914 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5914 [HIGH] CVE-2026-5914 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5914 :
Google Chrome vulnerability analysis and mitigation
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH
Wiz
CVE-2026-5913 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5913 [HIGH] CVE-2026-5913 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5913 :
Google Chrome vulnerability analysis and mitigation
Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Wiz
CVE-2026-5897 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5897 [HIGH] CVE-2026-5897 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5897 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09,
Wiz
CVE-2026-5919 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5919 [HIGH] CVE-2026-5919 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5919 :
Google Chrome vulnerability analysis and mitigation
Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 6.5
Score
Published April 8, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Apr 09, 2026
Echo
Wiz
CVE-2026-5882 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5882 [HIGH] CVE-2026-5882 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5882 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
##
Wiz
CVE-2026-5883 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5883 [HIGH] CVE-2026-5883 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5883 :
Google Chrome vulnerability analysis and mitigation
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 20
Wiz
CVE-2026-5902 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5902 [HIGH] CVE-2026-5902 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5902 :
Google Chrome vulnerability analysis and mitigation
Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows
Wiz
CVE-2026-5893 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5893 [HIGH] CVE-2026-5893 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5893 :
Google Chrome vulnerability analysis and mitigation
Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
## Get a CVE
Wiz
CVE-2026-5908 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5908 [HIGH] CVE-2026-5908 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5908 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux Severity HIG
Wiz
CVE-2026-5869 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5869 [HIGH] CVE-2026-5869 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5869 :
Google Chrome vulnerability analysis and mitigation
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has
Wiz
CVE-2026-5895 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5895 [HIGH] CVE-2026-5895 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5895 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix A
Wiz
CVE-2026-5887 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5887 [HIGH] CVE-2026-5887 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5887 :
Google Chrome vulnerability analysis and mitigation
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windo
Wiz
CVE-2026-5889 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5889 [HIGH] CVE-2026-5889 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5889 :
Google Chrome vulnerability analysis and mitigation
Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Ad
Wiz
CVE-2026-5871 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5871 [HIGH] CVE-2026-5871 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5871 :
Google Chrome vulnerability analysis and mitigation
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Wiz
CVE-2026-5912 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5912 [HIGH] CVE-2026-5912 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5912 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux Severity HI
Wiz
CVE-2026-5865 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5865 [HIGH] CVE-2026-5865 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5865 :
Google Chrome vulnerability analysis and mitigation
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Wiz
CVE-2026-5910 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5910 [HIGH] CVE-2026-5910 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5910 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux Severity HIG
Wiz
CVE-2026-5861 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5861 [HIGH] CVE-2026-5861 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5861 :
Google Chrome vulnerability analysis and mitigation
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Wiz
CVE-2026-5862 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5862 [HIGH] CVE-2026-5862 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5862 :
Google Chrome vulnerability analysis and mitigation
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: A
Wiz
CVE-2026-5870 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5870 [HIGH] CVE-2026-5870 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5870 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 202
Wiz
CVE-2026-5874 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5874 [HIGH] CVE-2026-5874 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5874 :
Google Chrome vulnerability analysis and mitigation
Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Adde
Wiz
CVE-2026-5904 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5904 [HIGH] CVE-2026-5904 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5904 :
Google Chrome vulnerability analysis and mitigation
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09
Wiz
CVE-2026-5884 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5884 [HIGH] CVE-2026-5884 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5884 :
Google Chrome vulnerability analysis and mitigation
Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux
Wiz
CVE-2026-5899 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5899 [HIGH] CVE-2026-5899 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5899 :
Google Chrome vulnerability analysis and mitigation
Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09
Wiz
CVE-2026-5880 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5880 [HIGH] CVE-2026-5880 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5880 :
Google Chrome vulnerability analysis and mitigation
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Ha
Wiz
CVE-2026-5876 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5876 [HIGH] CVE-2026-5876 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5876 :
Google Chrome vulnerability analysis and mitigation
Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr
Wiz
CVE-2026-5873 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5873 [HIGH] CVE-2026-5873 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5873 :
Google Chrome vulnerability analysis and mitigation
Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: A
Wiz
CVE-2026-5890 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5890 [HIGH] CVE-2026-5890 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5890 :
Google Chrome vulnerability analysis and mitigation
Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added
Wiz
CVE-2026-5868 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5868 [HIGH] CVE-2026-5868 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5868 :
Google Chrome vulnerability analysis and mitigation
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at:
Wiz
CVE-2026-5905 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-5905 [MEDIUM] CVE-2026-5905 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5905 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 6.5
Score
Published April 8, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Apr 09, 2026
Echo Severity MEDIUM No Fix Added at: Apr 09, 2026
Linu
Wiz
CVE-2026-5860 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5860 [HIGH] CVE-2026-5860 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5860 :
Google Chrome vulnerability analysis and mitigation
Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Wiz
CVE-2026-5898 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5898 [HIGH] CVE-2026-5898 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5898 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
##
Wiz
CVE-2026-5885 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5885 [HIGH] CVE-2026-5885 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5885 :
Google Chrome vulnerability analysis and mitigation
Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix
Wiz
CVE-2026-5918 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5918 [HIGH] CVE-2026-5918 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5918 :
Google Chrome vulnerability analysis and mitigation
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 4.3
Score
Published April 8, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Apr 09, 2026
Echo Severity MEDIUM
Wiz
CVE-2026-5901 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5901 [HIGH] CVE-2026-5901 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5901 :
Google Chrome vulnerability analysis and mitigation
Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added a
Wiz
CVE-2026-5909 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5909 [HIGH] CVE-2026-5909 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5909 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux Severity HIG
Wiz
CVE-2026-5907 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2026-5907 [HIGH] CVE-2026-5907 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5907 :
Google Chrome vulnerability analysis and mitigation
Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)
Source : NVD
## 8.1
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux
Wiz
CVE-2026-5900 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5900 [HIGH] CVE-2026-5900 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5900 :
Google Chrome vulnerability analysis and mitigation
Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Bugzilla
CVE-2026-5915 chromium-browser: Insufficient validation of untrusted input in WebML
bugzilla·2026-04-08·CVSS 8.1
CVE-2026-5915 [HIGH] CVE-2026-5915 chromium-browser: Insufficient validation of untrusted input in WebML
CVE-2026-5915 chromium-browser: Insufficient validation of untrusted input in WebML
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Bugzilla
CVE-2025-5915 rpi-imager: Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c [fedora-42]
bugzilla·2025-06-09·CVSS 6.6
CVE-2025-5915 [MEDIUM] CVE-2025-5915 rpi-imager: Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c [fedora-42]
CVE-2025-5915 rpi-imager: Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c [fedora-42]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2370865
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it rema
Bugzilla
CVE-2025-5915 mingw-libarchive: Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c [fedora-42]
bugzilla·2025-06-09·CVSS 6.6
CVE-2025-5915 [MEDIUM] CVE-2025-5915 mingw-libarchive: Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c [fedora-42]
CVE-2025-5915 mingw-libarchive: Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c [fedora-42]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2370865
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if i
2026-04-08
Published