Severity by source
Sources disagree (Low–High)AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Low)
AnalysisAI
Navigation restriction bypass in Google Chrome on Android prior to 149.0.7827.53 allows a local attacker to circumvent Reader Mode input validation by supplying a malicious file. No public exploit identified at time of analysis, and EPSS scores exploitation probability at just 0.02% (4th percentile), but Google has released a fix in the stable channel. Chromium internally rates this as Low severity despite the elevated NVD CVSS of 7.7.
Technical ContextAI
The flaw resides in Chrome's Reader Mode feature on the Android platform, which reformats web content for distraction-free reading. The root cause is CWE-20 (Improper Input Validation): Reader Mode insufficiently validates untrusted input from a file source, permitting navigation constraints that normally isolate the rendering context to be bypassed. Reader Mode operates as a privileged Chrome view that strips page chrome and re-renders DOM content, so weak input handling there can break expected origin/scheme boundaries that Chrome's navigation policies enforce.
RemediationAI
Vendor-released patch: update Google Chrome on Android to 149.0.7827.53 or later via Google Play, as announced in the Chrome Releases stable channel update at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html. In managed-device fleets, push the updated Chrome APK through MDM and verify rollout against version 149.0.7827.53. As a compensating control before patching, instruct users to avoid opening untrusted local files (file:// scheme content, downloaded HTML/MHTML) in Chrome and to disable Reader Mode under chrome://flags or via enterprise policy, accepting the trade-off that accessibility users relying on Reader Mode will lose that simplified-rendering capability.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, a
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, do
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13
Same weakness CWE-20 – Improper Input Validation
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: Important| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34758
GHSA-jqx5-hg9f-r3hf