234 matches found
EUVD-2026-40828
Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-14141
Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14141
Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14141
Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14141
CVE-2026-14141 affects Google Chrome on Android (Document Picture-in-Picture security UI). Affected component: Picture-in-Picture UI, with a domain-spoofing risk via a crafted HTML page. Root cause: improper UI security handling in Picture-in-Picture. Impact per sources: Chromium security severit...
CVE-2026-14141
Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
PT-2026-54416
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An incorrect security UI implementation in the Document Picture-in-Picture feature allows a remote attacker to perform domain spoofing by using a crafted HTML page. Domain...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Picture In Picture in Google Chrome before version 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The incorrect security UI in Picture In Picture in Google Chrome prior to version 119.0.6045.105 allowed a remote attacker to perform domain spoofing through a crafted local HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...
ROS-20260520-73-0003
A vulnerability in the Picture In Picture technology of Google Chrome browser is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected information using a specially crafted...
ROS-20260515-73-0042
A vulnerability in the Picture In Picture technology of Google Chrome browser is associated with incorrect restriction of visualized user interface layers. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected information using a specially...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The incorrect security UI in PictureInPicture in Google Chrome prior to version 146.0.7680.71 allowed a remote attacker to perform UI spoofing through a crafted HTML page. Chromium security severity: Medium...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15411)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability caused by an incorrect security UI in PictureInPicture, which can be exploited by an attacker to perform UI spoofing via specially crafted HTML pages...
Chromium: CVE-2026-3942 Incorrect security UI in PictureInPicture
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...