Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Google Chrome allows malicious downloads to bypass security restrictions
CVE-2026-5900
Summary
A bug in Google Chrome's download feature could allow a hacker to trick the browser into allowing malicious downloads, even if the user has set restrictions. This could potentially let a cyber attacker install malware on a user's computer without their knowledge. Update to the latest version of Google Chrome to fix this issue.
Original title
Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)
Original description
Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026