You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-5902
About this tag
CVE-2026-5902 is a low-severity race condition vulnerability in Chrome's Media component affecting Android builds prior to version 147.0.7727.55. Tracked as CWE-362, it allows a remote attacker who has already compromised the renderer to corrupt media stream metadata via a crafted HTML page. The CVE record was published on April 8, 2026, with references to Google's Chrome Releases page and Chromium issue tracker. While rated low severity, the vulnerability underscores that such flaws can still pose risks in specific attack chains, particularly when an attacker has initial access. WindowsForum.com discussions highlight the importance of applying the Chrome update promptly to mitigate potential exploitation on Android devices.
Chrome users on Android are facing another reminder that “low severity” does not mean low urgency. Microsoft’s Security Update Guide now tracks CVE-2026-5902, a race condition in Chrome’s Media component that affects Android builds prior to 147.0.7727.55 and can let a remote attacker who has...