Google Chrome: Malicious Extensions Can Bypass Enterprise Cookie Rules

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Google Chrome: Malicious Extensions Can Bypass Enterprise Cookie Rules

CVE-2026-5901

Summary

A security issue in older versions of Google Chrome could allow a hacker to trick a user into installing a malicious extension that can bypass rules set by your company to control cookie settings. This could potentially allow the attacker to see sensitive information. To fix this, update to Google Chrome version 147.0.7727.55 or later.

Original title

Original description

Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security severity: Low)

Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026