Google Chrome vulnerabilities
3,944 known vulnerabilities affecting google/chrome.
Total CVEs: 3,944
CISA KEV: 74 (actively exploited)
Public exploits: 61
Exploited in wild: 65
Severity breakdown: CRITICAL 296, HIGH 2004, MEDIUM 1625, LOW 15, UNKNOWN 4
Vulnerabilities
CVE-2026-5919 | MEDIUM | CVSS 6.5 | CWE-20 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd

CVE-2026-5886 | MEDIUM | CVSS 5.3 | CWE-125 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd

CVE-2026-5896 | MEDIUM | CVSS 6.1 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd

CVE-2026-5903 | MEDIUM | CVSS 6.5 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd

CVE-2026-5881 | MEDIUM | CVSS 6.5 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd

CVE-2026-5885 | MEDIUM | CVSS 6.5 | CWE-20 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd

CVE-2026-5888 | MEDIUM | CVSS 6.5 | CWE-457 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd

CVE-2026-5876 | MEDIUM | CVSS 6.5 | CWE-1300 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd

CVE-2026-5905 | MEDIUM | CVSS 6.5 | CWE-451 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd

CVE-2026-5918 | MEDIUM | CVSS 4.3 | CWE-346 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd

CVE-2026-5875 | MEDIUM | CVSS 4.3 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd

CVE-2026-5911 | MEDIUM | CVSS 4.3 | CWE-693 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd

CVE-2026-5901 | MEDIUM | CVSS 6.5 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security severity: Low)
Sources: cvelistv5, nvd

CVE-2026-5882 | MEDIUM | CVSS 4.3 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd

CVE-2026-5869 | LOW | CVSS 3.1 | CWE-122 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd

CVE-2026-5867 | LOW | CVSS 3.1 | CWE-122 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd

CVE-2026-5883 | UNKNOWN | CWE-416 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd

CVE-2026-5892 | UNKNOWN | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd

CVE-2026-5894 | UNKNOWN | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd

CVE-2026-5890 | UNKNOWN | CWE-362 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd