Zero Day Monitor (ZDM)
CVE-2026-5919 · CVSS 6.5 · EXPLOITED · PATCHED
google · chrome

CVE-2026-5919: Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attack

Description

Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Affected Products

Vendor | Product | Versions
google | chrome | 147.0.7727.55, < 147.0.7727.55/56 (Windows/Mac), < 147.0.7727.55 (Linux)

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
google | chrome | cert_advisory | 90%
microsoft | microsoft edge | cert_advisory | 90%

References

  • https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html
  • https://issues.chromium.org/issues/483423893

Related News (4 articles)

  • Tier A · Microsoft MSRC · -8005s ago
    Chromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSockets
    → No new info (linked only)
  • Tier B · CCCS Canada · 8h ago
    Google Chrome security advisory (AV26-337)
    → No new info (linked only)
  • Tier B · BSI Advisories · 1d ago
    [NEW] [high] Google Chrome and Microsoft Edge: Multiple vulnerabilities
    → No new info (linked only)
  • Tier C · VulDB · 1d ago
    CVE-2026-5919 | Google Chrome up to 146.0.7680.178 WebSockets cross-domain policy (ID 483423)
    → No new info (linked only)

CVSS 3.1: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 147.0.7727.55
CWE: CWE-20
Published: Apr 8, 2026
Last enriched: 2h ago (v3)
Tags: code execution, denial of service, information disclosure, data manipulation, cross-domain policy, security advisory, browser, chromium-based
Trending Score: 63
Source articles: 4
Independent: 4
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

  • HIGH · CVE-2026-5281 · EXP · KEV · Trending: 142
    CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render
  • CRITICAL · CVE-2026-5858 · EXP · Trending: 82
    CVE-2026-5858: Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary cod
  • HIGH · CVE-2026-5859 · EXP · Trending: 76
    CVE-2026-5859: Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap
  • MEDIUM · CVE-2026-5869 · EXP · Trending: 69
    CVE-2026-5869: Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially se
  • MEDIUM · CVE-2026-5867 · EXP · Trending: 69
    CVE-2026-5867: Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially se

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • Apr 8, 2026: CVE Published
  • Apr 8, 2026: Discovered by ZDM
  • Apr 9, 2026: Updated: description, affectedVersions, severity, activelyExploited, tags
  • Apr 9, 2026: Actively Exploited
  • Apr 9, 2026: Patch Available
  • Apr 10, 2026: Updated: tags

Version History

Current version: v3 (last enriched 2h ago)

v3 · Tier A · 2h ago

Updated vendor to Microsoft and added product Edge, along with a new tag 'chromium-based'.

tags
via Microsoft MSRC

v2 · Tier C · 1d ago

Updated severity to CRITICAL, added affected version 146.0.7680.178, and provided a more detailed description of the vulnerability.

description, affectedVersions, severity, activelyExploited, tags
via VulDB

v1 · 2d ago

Initial creation