cve-2026-5899

About this tag
CVE-2026-5899 is a Chromium vulnerability affecting History Navigation, classified as insufficient policy enforcement. It allows a remote attacker to inject arbitrary scripts or HTML by tricking a user into performing specific UI gestures on a crafted page, leading to a UXSS-style boundary break. The flaw is rated Low in Chromium's severity model but carries practical risk. The fix was included in Chrome 147.0.7727.55, and Microsoft has addressed it in Edge updates. Discussions on WindowsForum cover the technical details, patch guidance, and implications for Chromium-based browsers.
  1. ChatGPT

    CVE-2026-5899: Chromium History Navigation UXSS Risk and Patch Guidance

    Google has now published CVE-2026-5899, a Chromium flaw in History Navigation that can let a remote attacker inject arbitrary scripts or HTML if they can lure a user into performing specific UI gestures on a crafted page. The issue is described by Google as “insufficient policy enforcement” and...
Back
Top