Improper input validation in Google Chrome

CVE-2026-5887

Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.000 (11.7th percentile) — read the EPSS interpretation.