CVE-2026-5918
MEDIUM
4,3
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Description
AI Translation Available
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0001
Percentile
0,0th
Updated
EPSS Score Trend (Last 8 Days)
346
Origin Validation Error
DraftCommon Consequences
Security Scopes Affected:
Other
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Varies By Context
Applicable Platforms
Technologies:
Not Technology-Specific, Web Based
352
Cross-Site Request Forgery (CSRF)
StableCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Non-Repudiation
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Bypass Protection Mechanism
Read Application Data
Modify Application Data
Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies:
Web Based, Web Server
Application
Chrome by Google
Version Range Affected
To
147.0.7727.55
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop…
https://issues.chromium.org/issues/490139441