Description
Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-03-11
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Navigation restriction bypass enabling malicious redirects
Action: Apply update
AI Analysis

Impact

A vulnerable navigation check in Google Chrome on iOS allowed a remote attacker to bypass navigation restrictions through a specially crafted HTML page. The attacker could cause the browser to navigate to URLs that would normally be blocked, enabling phishing, credential theft, or other malicious behavior.

Affected Systems

Affected browsers are Google Chrome on iOS versions earlier than 146.0.7680.71. The vulnerability is specific to the iOS client; other platform builds are not known to be affected.

Risk and Exploitability

The CVSS score is 6.5, indicating medium severity. EPSS is below 1 %, implying low exploitation probability; the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the victim to load a crafted web page, typically via a phishing link or malicious website. Once accessed, the browser silently navigates to the attacker‑chosen URL, bypassing user controls.

Generated by OpenCVE AI on April 16, 2026 at 02:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome on iOS to version 146.0.7680.71 or newer
  • If an update cannot be applied immediately, use the enterprise policy setting to disable or restrict navigation to untrusted URLs
  • Monitor user activity for unexpected redirects or suspicious navigation events

Generated by OpenCVE AI on April 16, 2026 at 02:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6164-1 chromium security update
History

Mon, 16 Mar 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Sun, 15 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-288
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}

Fri, 13 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: Unsafe navigation in Navigation
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

threat_severity

Moderate

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 11 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Description Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-03-14T03:00:12.709Z

Reserved: 2026-03-11T05:54:12.774Z

Link: CVE-2026-3930

cve-icon Vulnrichment

Updated: 2026-03-14T02:59:59.985Z

cve-icon NVD

Status : Modified

Published: 2026-03-11T22:16:35.693

Modified: 2026-03-16T14:19:53.587

Link: CVE-2026-3930

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-10T00:00:00Z

Links: CVE-2026-3930 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T03:00:09Z

Weaknesses