CVE-2026-5919Improper Input Validation in Google Chrome

CWE-20Improper Input ValidationCWE-346Origin Validation Error11 documents10 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 88.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedApr 8
Latest updateApr 13

Description

Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5google/chrome147.0.7727.55147.0.7727.55
NVDgoogle/chrome< 147.0.7727.55

🔴Vulnerability Details

4
VulDB
Google Chrome up to 146.0.7680.178 WebSockets cross-domain policy (ID 483423 / Nessus ID 305708)2026-04-13
GHSA
GHSA-vv23-jmr5-38v3: Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 1472026-04-09
OSV
CVE-2026-5919: Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 1472026-04-08
CVEList
CVE-2026-5919: Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 1472026-04-08

📋Vendor Advisories

3
Red Hat
chromium-browser: Insufficient validation of untrusted input in WebSockets2026-04-07
Chrome
Stable Channel Update for Desktop: CVE-2026-59182026-04-07
Debian
CVE-2026-5919: chromium - Insufficient validation of untrusted input in WebSockets in Google Chrome prior ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-5919 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

1
Bugzilla
CVE-2026-5919 chromium-browser: Insufficient validation of untrusted input in WebSockets2026-04-08
CVE-2026-5919 — Improper Input Validation in Google | cvebase