Google Chrome allows remote attackers to bypass navigation restrictions

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Google Chrome allows remote attackers to bypass navigation restrictions

DEBIAN-CVE-2026-5881

Summary

Google Chrome's security feature, Local Network Access, can be bypassed by a malicious website. This means that an attacker can trick a user into visiting a website that should be blocked by the browser's security settings. Users should update to the latest version of Google Chrome to protect themselves from this issue.

What to do

Update debian chromium to version 147.0.7727.55-1~deb12u1.
Update debian chromium to version 147.0.7727.55-1~deb13u1.
Update debian chromium to version 147.0.7727.55-1.

Affected software

Vendor	Product	Affected versions	Fix available
debian	chromium	All versions	–
debian	chromium	<= 147.0.7727.55-1~deb12u1	147.0.7727.55-1~deb12u1
debian	chromium	<= 147.0.7727.55-1~deb13u1	147.0.7727.55-1~deb13u1
debian	chromium	<= 147.0.7727.55-1	147.0.7727.55-1

Original title

Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Original description

Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

https://security-tracker.debian.org/tracker/CVE-2026-5881 Vendor Advisory

Published: 8 Apr 2026 · Updated: 12 Apr 2026 · First seen: 12 Apr 2026