Policy Bypass in Downloads for Google Chrome by Google
CVE-2026-5900

Currently unrated

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-5900?

A vulnerability in Google Chrome allows a remote attacker to exploit a policy bypass in the Downloads feature. This issue occurs prior to version 147.0.7727.55 and can enable the circumvention of multi-download protections through a specially crafted HTML page. By leveraging this weakness, malicious actors could potentially download files without triggering standard security measures, posing a risk to users' data and device integrity.

Affected Version(s)

Chrome 147.0.7727.55

References

https://chromereleases.googleblog.com/2026/04/stable-chan...

https://issues.chromium.org/issues/475265304

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 8, 2026

CVE-2026-5900 Data

JSON