Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Google Chrome: Malicious Code Can Be Injected via User Interaction
CVE-2026-5899
Summary
If a user interacts with a specially crafted webpage in Google Chrome prior to a certain version, an attacker may be able to inject malicious code, which could lead to unauthorized actions on the user's browser. This affects users who haven't updated to the latest version of Chrome. To protect yourself, update to the latest version of Google Chrome as soon as possible.
Original title
Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary sc...
Original description
Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026