CVE-2026-5895: Incorrect security UI in Google Chrome
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)
AI Analysis
Technical Summary
This vulnerability involves an incorrect security UI in the Omnibox of Google Chrome on iOS versions before 147.0.7727.55. A remote attacker can craft a domain name to spoof the URL bar, potentially misleading users about the website they are visiting. The issue is categorized under CWE-451 (Incorrect Display of User Interface). The CVSS score of 5.4 reflects a medium severity with low confidentiality impact, no integrity impact, and low availability impact. No official remediation level or patch confirmation is provided in the vendor advisory linked.
Potential Impact
The impact is limited to the potential for user deception through a spoofed URL bar, which could facilitate phishing or social engineering attacks. There is no direct compromise of data integrity or confidentiality indicated. No known exploits are reported in the wild, reducing immediate risk.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Users and administrators should monitor the official Google Chrome release notes and update to version 147.0.7727.55 or later once confirmed. Until then, caution is advised when interacting with URLs in Chrome on iOS, especially from untrusted sources.
CVE-2026-5895: Incorrect security UI in Google Chrome
Description
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves an incorrect security UI in the Omnibox of Google Chrome on iOS versions before 147.0.7727.55. A remote attacker can craft a domain name to spoof the URL bar, potentially misleading users about the website they are visiting. The issue is categorized under CWE-451 (Incorrect Display of User Interface). The CVSS score of 5.4 reflects a medium severity with low confidentiality impact, no integrity impact, and low availability impact. No official remediation level or patch confirmation is provided in the vendor advisory linked.
Potential Impact
The impact is limited to the potential for user deception through a spoofed URL bar, which could facilitate phishing or social engineering attacks. There is no direct compromise of data integrity or confidentiality indicated. No known exploits are reported in the wild, reducing immediate risk.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Users and administrators should monitor the official Google Chrome release notes and update to version 147.0.7727.55 or later once confirmed. Until then, caution is advised when interacting with URLs in Chrome on iOS, especially from untrusted sources.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-04-08T19:34:41.346Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","vendor":"Google"}]
Threat ID: 69d6ca3e1cc7ad14dab3cd66
Added to database: 4/8/2026, 9:35:58 PM
Last enriched: 4/16/2026, 11:36:27 AM
Last updated: 5/23/2026, 6:41:18 PM
Views: 51
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.