Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Google Chrome: PWA Installation Allowed Without User Consent
CVE-2026-5892
Summary
A security gap in Google Chrome allowed an attacker who had taken control of a user's browser to install a Progressive Web App without the user's permission. This could have allowed the attacker to access more of the user's data or take other actions on their behalf. Users should update to the latest version of Google Chrome to fix this issue.
Original title
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafte...
Original description
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium)
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026