Google Chrome: Malicious PDFs Can Bypass Browser Restrictions

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Google Chrome: Malicious PDFs Can Bypass Browser Restrictions

CVE-2026-3939

Summary

A security issue in old versions of Google Chrome allows hackers to create PDF files that can get around certain browser restrictions. This could potentially allow them to access sensitive information or take control of your browser. Update to the latest version of Google Chrome to fix this issue.

Original title

Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)

Original description

Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_...
https://issues.chromium.org/issues/40058077

Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026