CVE-2026-5901

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55

Description A flaw exists in the Google Chrome DevTools web development toolkit's data protection mechanism. Successful exploitation could allow a remote attacker to bypass security restrictions by loading a malicious extension. This could occur if a user is convinced to install a malicious extension. Insufficient policy enforcement in DevTools allowed bypassing enterprise host restrictions for cookie modification via a crafted Chrome Extension.

Recommendations Update Google Chrome to version 147.0.7727.55 or later.

Fix

Protection Mechanism Failure

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-602CWE-693CWE-200

Related Identifiers

BDU:2026-04937

CVE-2026-5901

OPENSUSE-SU-2026:10530-1

OPENSUSE-SU-2026:20575-1

Affected Products

Google Chrome

CVE-2026-5901

Weakness Enumeration

Related Identifiers

Affected Products

References · 71