Chromium: CVE-2026-5892 Insufficient policy enforcement in PWAs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-5892

An insufficient policy enforcement flaw was found in the PWAs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=487568011...

SUSE CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-20711

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in PWA implementations. It could allow remote attackers who have infiltrated...

CVE-2026-30240

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA Progressive Web App ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...

CVE-2026-30240

Budibase PWA ZIP upload path traversal (CVE-2026-30240) affects Budibase 3.31.5 and earlier. Affected component: PWA ZIP processing endpoint at POST /api/pwa/process-zip. Root cause: unsanitized usage of path.join() with user-controlled input from icons.json inside the uploaded ZIP allowing an au...

CVE-2026-30240 Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA Progressive Web App ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...

Budibase 安全漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Budibase versions 3.31.5 and earlier have a security vulnerability caused by a path traversal issue in the PWA ZIP processing...

EUVD-2026-9072

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

PT-2026-22402

Name of the Vulnerable Software and Affected Versions Canarytokens versions prior to sha-7ff0e12 Description The Canarytokens PWA Canarytoken has a Self Cross-Site Scripting issue. A Canarytoken creator can execute Javascript code by inserting it into the title field of their PWA token. This allo...

Linux Distros Unpatched Vulnerability : CVE-2018-6083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access...

MAL-2025-29719 Malicious code in progressive-web-app (npm)

The package progressive-web-app was found to contain malicious code...