Insufficient Policy Enforcement in Google Chrome
CVE-2026-5899

Currently unrated

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-5899?

The vulnerability in Google Chrome relates to insufficient enforcement of security policies in History Navigation. This flaw allows remote attackers to exploit user interactions through specific UI gestures, enabling them to inject arbitrary scripts or HTML content via a specially crafted HTML page. This presents a potential threat to user security as it can lead to unauthorized data access or manipulation, affecting overall browsing experience.

Affected Version(s)

Chrome 147.0.7727.55

References

https://chromereleases.googleblog.com/2026/04/stable-chan...

https://issues.chromium.org/issues/474817168

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 8, 2026

CVE-2026-5899 Data

JSON