Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
Google Chrome: Policy Bypass in ServiceWorker Allows Remote Attack
DEBIAN-CVE-2026-5911
Summary
A vulnerability in Google Chrome allows an attacker to bypass security policies on a website by tricking a user into visiting a malicious webpage. This could potentially allow an attacker to inject malicious scripts or steal user data. Users should update to the latest version of Google Chrome to protect themselves.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | chromium | All versions | – |
| debian | chromium | All versions | – |
| debian | chromium | All versions | – |
| debian | chromium | All versions | – |
Original title
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Original description
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
osv CVSS3.1
4.3
- https://security-tracker.debian.org/tracker/CVE-2026-5911 Vendor Advisory
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026