Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)
DEBIAN-CVE-2026-3939
Summary
Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)
What to do
- Update debian chromium to version 146.0.7680.71-1~deb12u1.
- Update debian chromium to version 146.0.7680.71-1~deb13u1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | chromium | All versions | – |
| debian | chromium | <= 146.0.7680.71-1~deb12u1 | 146.0.7680.71-1~deb12u1 |
| debian | chromium | <= 146.0.7680.71-1~deb13u1 | 146.0.7680.71-1~deb13u1 |
| debian | chromium | All versions | – |
Original title
Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)
Original description
Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)
- https://security-tracker.debian.org/tracker/CVE-2026-3939 Vendor Advisory
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 14 Mar 2026