CVE-2026-5906: Incorrect security UI in Google Chrome
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
AI Analysis
Technical Summary
This vulnerability involves an incorrect security UI rendering in the Omnibox of Google Chrome on Android, allowing remote attackers to spoof the URL bar contents via crafted HTML. The issue affects versions prior to 147.0.7727.55. The Chromium security team rates this as a low severity issue. No CVSS score or detailed remediation level is provided in the available data. The vendor advisory link points to a stable channel update announcement but does not explicitly confirm a fix for this specific vulnerability.
Potential Impact
The impact is limited to UI spoofing of the Omnibox URL bar on affected Chrome Android versions, potentially misleading users about the actual website they are visiting. This could facilitate phishing or social engineering attacks but does not indicate direct code execution or data compromise. The severity is considered low by the Chromium security team.
Mitigation Recommendations
The vendor advisory link suggests a stable channel update for Chrome, implying that updating to version 147.0.7727.55 or later addresses the issue. Users should update their Chrome browser on Android to the latest version to mitigate this vulnerability. Patch status is not explicitly confirmed in the advisory, so users should verify the update includes this fix. No additional mitigations are specified.
CVE-2026-5906: Incorrect security UI in Google Chrome
Description
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves an incorrect security UI rendering in the Omnibox of Google Chrome on Android, allowing remote attackers to spoof the URL bar contents via crafted HTML. The issue affects versions prior to 147.0.7727.55. The Chromium security team rates this as a low severity issue. No CVSS score or detailed remediation level is provided in the available data. The vendor advisory link points to a stable channel update announcement but does not explicitly confirm a fix for this specific vulnerability.
Potential Impact
The impact is limited to UI spoofing of the Omnibox URL bar on affected Chrome Android versions, potentially misleading users about the actual website they are visiting. This could facilitate phishing or social engineering attacks but does not indicate direct code execution or data compromise. The severity is considered low by the Chromium security team.
Mitigation Recommendations
The vendor advisory link suggests a stable channel update for Chrome, implying that updating to version 147.0.7727.55 or later addresses the issue. Users should update their Chrome browser on Android to the latest version to mitigate this vulnerability. Patch status is not explicitly confirmed in the advisory, so users should verify the update includes this fix. No additional mitigations are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-04-08T19:34:44.359Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","vendor":"Google"}]
Threat ID: 69d6ca401cc7ad14dab3cdb8
Added to database: 4/8/2026, 9:36:00 PM
Last enriched: 4/8/2026, 9:51:47 PM
Last updated: 4/9/2026, 7:17:10 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.