Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
Google Chrome on Android can show fake URLs in the address bar
DEBIAN-CVE-2026-5906
Summary
A security weakness in older versions of Google Chrome on Android can be exploited by a malicious website to display a fake address in the address bar. This could potentially trick users into visiting a different website than they intended. To stay safe, update your Google Chrome to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | chromium | All versions | – |
| debian | chromium | All versions | – |
| debian | chromium | All versions | – |
| debian | chromium | All versions | – |
Original title
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium secur...
Original description
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
osv CVSS3.1
4.3
- https://security-tracker.debian.org/tracker/CVE-2026-5906 Vendor Advisory
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026