CVE-2026-5895

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions Google Chrome for iOS versions prior to 147.0.7727.55

Description An incorrect security user interface issue in the Omnibox (the browser's address bar) allows a remote attacker to spoof the contents of the URL bar. This is achieved by using a specially crafted domain name, specifically utilizing two Right-to-Left (RTL) Arabic character subdomains to mislead the user.

Recommendations Update Google Chrome for iOS to version 147.0.7727.55 or later.

Fix

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-451

Related Identifiers

BDU:2026-04985

CVE-2026-5895

OPENSUSE-SU-2026:10530-1

OPENSUSE-SU-2026:20575-1

Affected Products

Google Chrome

CVE-2026-5895

Weakness Enumeration

Related Identifiers

Affected Products

References · 75