DEBIAN-CVE-2026-5881

DEBIAN-CVE-2026-5881 PUBLISHED CVSS 6.5 MEDIUM

Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:14	chromium	*, 147.0.7727.55-1, 147.0.7727.55-1
Debian:11	chromium	99.0.4844.84-1, 102.0.5005.61-1~deb11u1, 103.0.5060.114-1
Debian:13	chromium	139.0.7258.127-1~deb13u1, 139.0.7258.154-1~deb13u1, 139.0.7258.66-1
Debian:12	chromium	120.0.6099.216-1, 120.0.6099.224-1, 120.0.6099.224-1

Timeline

Apr 8, 2026 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-5881 advisory

Open in Interactive Console →