CVE-2026-8564

CVE-2026-8564 describes an issue in Google Chrome’s Downloads UI on Android and macOS, where an incorrect security UI could allow a remote attacker to perform UI spoofing via a crafted HTML page. Affected versions are prior to 148.0.7778.168; remediation is to update to 148.0.7778.168 or later. T...

Astra Linux – Vulnerability in Chromium

Insecure security interfaces in the Downloads section of Google Chrome on Android before version 92.0.4515.107 allowed a remote attacker to perform domain spoofing through a crafted HTML page...

EUVD-2026-11464

Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2026-2323

Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2025-14744

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0...

CVE-2025-14744

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0...

EUVD-2025-28893

Malicious code in bioql PyPI...

Astra Linux – Vulnerability in Chromium

The incorrect security interface in the Downloads section of Google Chrome prior to version 129.0.6668.58 allowed a remote attacker who convinced a user to perform certain UI gestures to perform UI spoofing through a crafted HTML page. Chromium security severity: Medium...

CVE-2022-22290

Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page...