Google Chrome Policy Bypass via Malicious HTML Pages

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.3

Google Chrome Policy Bypass via Malicious HTML Pages

CVE-2026-5911

Summary

Google Chrome's content security policy can be bypassed by a malicious HTML page, allowing an attacker to potentially inject and execute unauthorized scripts. This affects older versions of Google Chrome. To stay protected, update your browser to a recent version.

Original title

Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Original description

Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Vulnerability type

CWE-693 Protection Mechanism Failure

https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop....
https://issues.chromium.org/issues/485785246

Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026