VYPR
Medium severity6.1NVD Advisory· Published Apr 8, 2026· Updated Apr 13, 2026

CVE-2026-5899

CVE-2026-5899

Description

Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

Affected products

6

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.