CVE-2026-5892

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

**Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55

Description A flaw in policy enforcement within Progressive Web Apps (PWAs) in Google Chrome before version 147.0.7727.55 permitted a remote attacker, having already compromised the renderer process, to install a PWA without explicit user permission through a specially crafted HTML page.

Recommendations Update Google Chrome to version 147.0.7727.55 or later.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-1268

Related Identifiers

BDU:2026-04988

CVE-2026-5892

OPENSUSE-SU-2026:10530-1

OPENSUSE-SU-2026:20575-1

Affected Products

Google Chrome

CVE-2026-5892

Weakness Enumeration

Related Identifiers

Affected Products

References · 73