{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5896", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:41.736Z", "datePublished": "2026-04-08T21:20:57.512Z", "dateUpdated": "2026-04-08T21:20:57.512Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Policy bypass"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:57.512Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/40064543"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low)"}], "id": "CVE-2026-5896", "lastModified": "2026-04-08T22:16:29.500", "metrics": {}, "published": "2026-04-08T22:16:29.500", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/40064543"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.55,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-08T22:39:16.466829+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 147.0.7727.55 or newer.", "Verify that automatic updates are enabled to receive future security releases.", "Consider disabling sandbox downloads if temporary mitigation is needed until a patch is applied."], "summary": {"action": "Patch Now", "impact": "Sandbox Download Bypass via Policy Exfiltration"}, "threat_synthesis": {"affected_systems": "Google Chrome versions earlier than 147.0.7727.55 on the stable desktop channel are vulnerable. Only Chrome\u2019s standard desktop build is affected; mobile or other platforms are not listed.", "description_and_impact": "Chrome's audio policy enforcement allows a crafted webpage to trick a user into performing a specific set of UI interactions. The page can then bypass sandbox download restrictions, enabling the user to download files that would otherwise be blocked. This change opens a path for a remote attacker to obtain local files or slide into the sandbox boundaries, compromising data confidentiality and potentially facilitating further malicious activities.", "risk_and_exploitability": "The vulnerability carries a low Chromium severity score and has no EPSS data or KEV listing, indicating a modest overall risk. Exploitation requires a remote attacker to persuade a user to browse a malicious HTML page and perform specific gestures. Because it relies on user interaction, the attack vector is \u201cUser Interaction\u201d over \u201cRemote Web.\u201d Nevertheless, any compromised download could lead to sandbox escape or local file disclosure, so the potential impact is nontrivial if attackers succeed."}}}}, "created": "2026-04-09T08:16:56.472025+00:00", "title": "Chrome Audio Policy Bypass Allowing Sandbox Download Escape", "updated": "2026-04-09T08:26:22.639488+00:00", "vendors": ["google", "google$PRODUCT$chrome"], "weaknesses": ["CWE-284", "CWE-285"]}