You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026-5906
About this tag
CVE-2026-5906 is a low-severity security vulnerability affecting Google Chrome for Android prior to version 147.0.7727.55. It involves incorrect security UI in the Omnibox, allowing a remote attacker to spoof the URL bar using a crafted HTML page. While Chromium rates it low, the practical risk is significant because the Omnibox is critical for establishing trust in website identity and destination. Microsoft tracks this CVE through its downstream visibility model. Users should update Chrome for Android to the latest version to mitigate the spoofing risk.
Google’s newly published CVE-2026-5906 is another reminder that browser security problems are often less about dramatic code execution and more about trust. In this case, Incorrect security UI in Omnibox on Google Chrome for Android prior to 147.0.7727.55 could let a remote attacker spoof what...