Description
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-04-08
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Policy Bypass (Navigation Restrictions)
Action: Update Browser
AI Analysis

Impact

An attacker can craft a malicious HTML page that, by inducing a user to perform specific UI gestures, bypasses the IFrameSandbox policy in Google Chrome versions before 147.0.7727.55. This policy bypass removes navigation restrictions, allowing the attacker to load content from arbitrary URLs or execute scripts that would normally be blocked. Because the weakness involves browser policy enforcement, it aligns with CWE‑693 (Noncompliance with Specified Security Policy) and CWE‑838 (Exploiting IFrameSandbox). The described impact can facilitate phishing, data exfiltration, or other malicious actions within the context of the affected browser session.

Affected Systems

Google Chrome versions prior to 147.0.7727.55 running on Windows, macOS, and Linux operating systems are affected. Users of the Chrome Desktop browser on any of these platforms are susceptible to the policy bypass until the specified update is installed.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity, while the EPSS score of less than 1% shows a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires user interaction; the attacker must persuade the victim to engage in specific UI gestures within the browser. Although the attack path is limited to social engineering, the potential for bypassing navigation controls raises concern, especially for users visiting untrusted sites.

Generated by OpenCVE AI on April 13, 2026 at 22:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 147.0.7727.55 or later.
  • Enable automatic updates so that future patches are applied promptly.
  • Exercise caution when interacting with unfamiliar web pages that may prompt IFrame-related UI gestures.

Generated by OpenCVE AI on April 13, 2026 at 22:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6205-1 chromium security update
History

Mon, 13 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-693
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-601

Fri, 10 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title IFrameSandbox Policy Bypass Through Crafted HTML chromium-browser: Policy bypass in IFrameSandbox
Weaknesses CWE-838
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

threat_severity

Low

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title IFrameSandbox Policy Bypass Through Crafted HTML
First Time appeared Google
Google chrome
Weaknesses CWE-601
Vendors & Products Google
Google chrome

Wed, 08 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Description Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-13T18:17:09.155Z

Reserved: 2026-04-08T19:34:43.635Z

Link: CVE-2026-5903

cve-icon Vulnrichment

Updated: 2026-04-13T18:13:34.759Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T22:16:30.197

Modified: 2026-04-13T21:14:01.307

Link: CVE-2026-5903

cve-icon Redhat

Severity : Low

Publid Date: 2026-04-07T00:00:00Z

Links: CVE-2026-5903 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:37:26Z

Weaknesses