{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5889", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:39.903Z", "datePublished": "2026-04-08T21:20:52.705Z", "dateUpdated": "2026-04-08T21:20:52.705Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Cryptographic Flaw"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:52.705Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/486906037"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)"}], "id": "CVE-2026-5889", "lastModified": "2026-04-08T22:16:28.783", "metrics": {}, "published": "2026-04-08T22:16:28.783", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/486906037"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.55,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-08T22:59:24.648109+00:00", "value": {"mitigation_remediation": ["Install the latest Chrome release (147.0.7727.55 or newer) to apply the PDFium patch.", "Until an update is available, disable the built\u2011in PDF viewer or use a trusted external PDF reader to avoid the vulnerable component."], "summary": {"action": "Immediate Patch", "impact": "Data disclosure via compromised PDF encryption"}, "threat_synthesis": {"affected_systems": "Google Chrome builds that contain PDFium before version 147.0.7727.55 are affected. The vulnerability is specific to the built\u2011in PDF viewer; other browsers that do not use this PDFium version are not impacted.", "description_and_impact": "A cryptographic flaw in PDFium, the encrypted\u2011PDF rendering engine embedded in Google Chrome, allows an attacker to brute\u2011force the encryption of a PDF and read its confidential contents. This weakness, classified as CWE\u2011327, is rated medium severity by Chromium and can expose sensitive data to a malicious party with access to the victim\u2019s browser.", "risk_and_exploitability": "The severity is moderate, with no publicly available EPSS score or KEV listing. Exploitation requires the attacker to supply a specially crafted encrypted PDF to the victim\u2019s Chrome instance and perform a local brute\u2011force attempt, meaning that user interaction (opening the PDF) is necessary. Because the brute\u2011force can be automated, phishing or social\u2011engineering campaigns could disseminate dangerous PDFs widely, raising the risk to environments that rely on this browser component."}}}}, "created": "2026-04-09T08:17:03.380150+00:00", "title": "Cryptographic Brute\u2011Force Vulnerability in PDFium", "updated": "2026-04-09T08:26:29.478471+00:00", "vendors": ["google", "google$PRODUCT$chrome"], "weaknesses": ["CWE-327"]}