Google Chrome PDF Bypass Allows Remote Code Injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Google Chrome PDF Bypass Allows Remote Code Injection

CVE-2026-5894

Summary

A security issue in older versions of Google Chrome allows a hacker to bypass navigation restrictions on a website, potentially allowing them to inject malicious code. This could allow them to manipulate a user's interaction with a website. Update to the latest version of Google Chrome to fix the issue.

Original title

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Original description

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop....
https://issues.chromium.org/issues/481882038

Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026