Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Google Chrome prior to 147.0.7727.55 can be tricked into showing fake URLs
CVE-2026-5880
Summary
If an attacker has taken control of the browser's internal workings, they can make the URL bar show a fake address, potentially confusing the user. This affects Google Chrome versions prior to 147.0.7727.55. To fix this, update to the latest version of Google Chrome.
Original title
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL ba...
Original description
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026