CVE-2026-5919

| EUVD-2026-20754 MEDIUM
2026-04-08 Chrome GHSA-vv23-jmr5-38v3
6.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch Released
Apr 08, 2026 - 23:32 nvd
Patch available
Analysis Generated
Apr 08, 2026 - 22:01 vuln.today
EUVD ID Assigned
Apr 08, 2026 - 22:01 euvd
EUVD-2026-20754
CVE Published
Apr 08, 2026 - 21:21 nvd
MEDIUM 6.5

Tags

Google Authentication Bypass

Description

Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Analysis

Google Chrome prior to 147.0.7727.55 contains insufficient validation of untrusted input in WebSockets that allows a remote attacker with a compromised renderer process to bypass same-origin policy via a crafted HTML page. This vulnerability requires prior renderer compromise and user interaction, limiting real-world exploitability despite the high CVSS score. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

33
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +32
POC: 0

Share

CVE-2026-5919 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy