CVE-2026-5881
Received
Received - Intake
Policy Bypass in Chrome LocalNetworkAccess Allows Navigation Circumvention
Publication date: 2026-04-08
Last updated on: 2026-04-14
Assigner: Chrome
Description
Description
Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 147.0.7727.55 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a policy bypass issue in the LocalNetworkAccess feature of Google Chrome versions prior to 147.0.7727.55. It allows a remote attacker to circumvent navigation restrictions by using a specially crafted HTML page.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could bypass navigation restrictions in the browser, potentially allowing unauthorized access to local network resources or restricted web content. This could lead to exposure of sensitive information or unauthorized actions within the local network environment.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70