Description
Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)
Published: 2026-04-08
Score: n/a
EPSS: n/a
KEV: No
Impact: Data disclosure via compromised PDF encryption
Action: Immediate Patch
AI Analysis

Impact

A cryptographic flaw in PDFium, the PDF rendering engine embedded in Google Chrome, allows an attacker to brute‑force the encryption of a PDF and read its confidential contents. This weakness, classified as CWE‑327, is rated medium severity by Chromium and can expose sensitive data to a malicious party with access to the victim’s browser.

Affected Systems

Google Chrome versions prior to 147.0.7727.55, which ship the affected PDFium, are vulnerable. The vulnerability is specific to the built‑in PDF viewer; other browsers that do not use this PDFium version are not impacted.

Risk and Exploitability

Chromium rates the severity as Medium, and no EPSS score or KEV listing is publicly available. Exploitation requires the attacker to supply a specially crafted encrypted PDF to the victim’s Chrome instance and perform a local brute‑force attempt, so user interaction (opening the PDF) is necessary. Because the brute‑force can be automated, phishing or social‑engineering campaigns could distribute malicious PDFs widely, raising the risk to environments that rely on this browser component.

Generated by OpenCVE AI on April 8, 2026 at 22:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Chrome release (147.0.7727.55 or newer) to apply the PDFium patch.
  • Until the update can be applied, disable the built‑in PDF viewer or use a trusted external PDF reader to avoid the vulnerable component.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type | Values Removed | Values Added
Title | | Cryptographic Brute‑Force Vulnerability in PDFium
First Time appeared | | Google; Google chrome
Weaknesses | | CWE-327
Vendors & Products | | Google; Google chrome

Wed, 08 Apr 2026 21:30:00 +0000

Type | Values Removed | Values Added
Description | | Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-08T21:20:52.705Z

Reserved: 2026-04-08T19:34:39.903Z

Link: CVE-2026-5889

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-08T22:16:28.783

Modified: 2026-04-08T22:16:28.783

Link: CVE-2026-5889

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:26:29Z

Weaknesses