DEBIAN-CVE-2026-5895

DEBIAN-CVE-2026-5895 PUBLISHED CVSS 5.400000095367432 MEDIUM

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)

Risk Scores

CVSS 3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected Products

Vendor	Product	Versions
Debian:11	chromium	127.0.6533.119-1, 127.0.6533.119-1, 126.0.6478.56-1
Debian:12	chromium	129.0.6668.70-1, 113.0.5672.126-1, 114.0.5735.106-1
Debian:13	chromium	147.0.7727.55-1, 146.0.7680.80-1, 146.0.7680.80-1
Debian:14	chromium	138.0.7204.183-1, 147.0.7727.55-1, 0

Exploit Intelligence

2026.xml (github-poc)

Timeline

Apr 8, 2026 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-5895 advisory

Open in Interactive Console →