Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Google Chrome on Windows: Bypass Download Restrictions via Malicious Webpage
CVE-2026-5887
Summary
A security weakness in older versions of Google Chrome on Windows allows a hacker to trick the browser into downloading a file that shouldn't be allowed. This could potentially lead to malware or other unwanted downloads. Users should update to the latest version of Chrome to fix this issue.
Original title
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromi...
Original description
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Medium)
Vulnerability type
CWE-20
Improper Input Validation
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026