Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security sev...

DEBIAN-CVE-2026-3932
Summary

Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

What to do
  • Update debian chromium to version 146.0.7680.71-1~deb12u1.
  • Update debian chromium to version 146.0.7680.71-1~deb13u1.
Affected software
VendorProductAffected versionsFix available
debian chromium All versions
debian chromium <= 146.0.7680.71-1~deb12u1 146.0.7680.71-1~deb12u1
debian chromium <= 146.0.7680.71-1~deb13u1 146.0.7680.71-1~deb13u1
debian chromium All versions
Original title
Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security sev...
Original description
Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 14 Mar 2026