{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5897", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:42.284Z", "datePublished": "2026-04-08T21:20:57.861Z", "dateUpdated": "2026-04-08T21:20:57.861Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incorrect security UI"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:57.861Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/419921726"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)"}], "id": "CVE-2026-5897", "lastModified": "2026-04-08T22:16:29.597", "metrics": {}, "published": "2026-04-08T22:16:29.597", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/419921726"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.55,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-08T22:57:50.177191+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 147.0.7727.55 or newer.", "If an upgrade cannot be performed immediately, configure the browser or policy to block or require confirmation for all downloads.", "Avoid visiting untrusted websites and be cautious of download prompts."], "summary": {"action": "Patch Urgently", "impact": "UI Spoofing"}, "threat_synthesis": {"affected_systems": "The flaw affects all installations of the stable channel of Google Chrome that have not yet been updated to 147.0.7727.55 or later. This includes every platform supported by Chrome (Windows, macOS, Linux, Android, iOS) because the issue resides in the core download UI logic.", "description_and_impact": "An incorrect behavior in the Downloads security user interface of Google Chrome prior to version 147.0.7727.55 lets a remote attacker craft a web page that, when a user interacts with specific UI gestures, causes the browser to display misleading UI elements. This UI spoofing can trick users into accepting malicious downloads or following unsafe links. No direct code execution or data loss occurs, but the social engineering required can lead to user compromise or accidental download of malware.", "risk_and_exploitability": "Chromium lists the issue as low severity. No public evidence of exploitation exists and the EPSS score is not available. An attacker would need to lure a user to a malicious web page and persuade the user to perform specific UI gestures, so the attack requires user interaction and social engineering. While the risk is moderate due to the low severity, the potential for phishing or malware delivery warrants prompt mitigation."}}}}, "created": "2026-04-09T08:16:55.511836+00:00", "title": "Incorrect Downloads Security UI in Google Chrome Enables UI Spoofing", "updated": "2026-04-09T08:26:21.560329+00:00", "vendors": ["google", "google$PRODUCT$chrome"], "weaknesses": ["CWE-847"]}