cve-2026-5919

CVE-2026-5919 is a Chromium security vulnerability affecting Google Chrome prior to version 147.0.7727.55. The flaw involves insufficient validation of untrusted input in WebSockets, which could allow a remote attacker who has already compromised the renderer process to bypass the same-origin policy using a crafted HTML page. Microsoft's Security Update Guide records this issue with CWE-20 Improper Input Validation and a CVSS 3.1 base score of 6.5 Medium. While initially disclosed as low severity, the vulnerability highlights that even lower-severity flaws can have significant operational implications, particularly in enterprise environments where browser security is critical. WindowsForum discussions around CVE-2026-5919 focus on understanding the attack vector and assessing the real-world risk for Windows users running Chromium-based browsers.