{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5876", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:36.637Z", "datePublished": "2026-04-08T21:20:47.387Z", "dateUpdated": "2026-04-08T21:20:47.387Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Side-channel information leakage", "cweId": "CWE-1300"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:47.387Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/41485206"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"}], "id": "CVE-2026-5876", "lastModified": "2026-04-08T22:16:27.210", "metrics": {}, "published": "2026-04-08T22:16:27.210", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/41485206"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1300"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.55,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-08T22:45:56.483713+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 147.0.7727.55 or later.", "Verify the update by opening the About Google Chrome page.", "If automatic updates are disabled, manually trigger an update via chrome://settings/help.", "Optionally, disable or restrict the use of Navigation API events through enterprise policy if decisive action is required before patching."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Google Chrome installations running any version prior to 147.0.7727.55 are affected. The vulnerability applies to the stable channel desktop releases and is likely present in mobile builds as well, although the official advisory references the desktop release explicitly.", "description_and_impact": "This flaw allows a remote attacker to extract cross\u2011origin data by exploiting a side\u2011channel leak that originates from the Navigation API. A malicious web page can be crafted to trigger navigation events whose timing or state reveal sensitive information from other origins. The weakness is a side\u2011channel leak (CWE\u20111300) that potentially discloses confidential data without providing code execution or broader system compromise.", "risk_and_exploitability": "Chromium classifies the issue as Medium severity. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, implying a moderate yet present risk. The attack requires a victim to load a crafted page in Chrome, making it a remote, web\u2011based attack vector with no additional prerequisites beyond ordinary browsing habits. Until the update is applied, any user running an affected Chrome version could be targeted by such a page."}}}}, "created": "2026-04-09T08:17:26.540545+00:00", "title": "Side-Channel Information Leakage via Navigation in Google Chrome", "updated": "2026-04-09T08:26:49.978322+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}