Chrome <146.0.7680.71 PDF Policy Bypass via Crafted PDF
CVE-2026-3939 Published on March 11, 2026

Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)

NVD

Products Associated with CVE-2026-3939

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

Google Chrome

Affected Versions

Google Chrome:

Version 146.0.7680.71 and below 146.0.7680.71 is affected.

Chrome <146.0.7680.71 PDF Policy Bypass via Crafted PDFCVE-2026-3939 Published on March 11, 2026

Products Associated with CVE-2026-3939

Affected Versions

Chrome <146.0.7680.71 PDF Policy Bypass via Crafted PDF
CVE-2026-3939 Published on March 11, 2026