370199 matches found
CVE-2026-14141
CVE-2026-14141 affects Google Chrome on Android (Document Picture-in-Picture security UI). Affected component: Picture-in-Picture UI, with a domain-spoofing risk via a crafted HTML page. Root cause: improper UI security handling in Picture-in-Picture. Impact per sources: Chromium security severit...
CVE-2026-14143
Affected product: Google Chrome on iOS prior to 150.0.7871.47. Issue: Incorrect security UI in Passwords UI that enables UI spoofing via a crafted HTML page. Impact: allows a remote attacker to perform UI spoofing; user interaction is required. Root cause: described as a security UI flaw in the p...
CVE-2026-14140
The CVE-2026-14140 affects Google Chrome on Android prior to 150.0.7871.47, caused by insufficient validation of untrusted input in Input, enabling UI spoofing via a crafted HTML page. The issue is addressed by updating to Chrome 150.0.7871.47 or newer; no exploit details are provided in the sour...
CVE-2026-14139
The CVE affects Google Chrome’s TabStrip with an inappropriate implementation in versions before 150.0.7871.47. A remote attacker could entice a user to perform specific UI gestures via a crafted HTML page to achieve UI spoofing. The issue is tied to a TabStrip implementation flaw in Chromium, wi...
CVE-2026-14138
CVE-2026-14138 affects Google Chrome on Windows (WebAppInstalls) prior to build 150.0.7871.47. The issue is an inappropriate implementation that can enable UI spoofing via a crafted HTML page when a user is prompted to perform specific UI gestures. Impact is UI spoofing with low severity and part...
CVE-2026-14136
CVE-2026-14136 affects Chrome for iOS (Google Chrome on iOS) prior to 150.0.7871.47, due to insufficient validation of untrusted input. A remote attacker could trigger UI spoofing by presenting a crafted HTML page. The vulnerability is documented across multiple feeds (NVD, Debian, EUVD, CVE list...
CVE-2026-14137
CVE-2026-14137 describes insufficient validation of untrusted input in Chrome for iOS / Google Chrome on iOS prior to version 150.0.7871.47. The issue allows a remote attacker to trigger UI spoofing by convincing a user to perform specific UI gestures on a crafted HTML page. The vulnerability tar...
CVE-2026-14135
The CVE-2026-14135 entry describes an issue in Google Chrome/Chromium where insufficient validation of untrusted input in the Network component allowed a remote attacker—who had already compromised the renderer process—to perform UI spoofing via a crafted HTML page. Affected software is Chrome wi...
CVE-2026-14134
CVE-2026-14134 affects Google Chrome for Android: an inappropriate Autofill implementation allows UI spoofing via a crafted HTML page on versions before 150.0.7871.47. Root cause is improper Autofill handling; impact is UI spoofing with remote exploitation potential. Mitigation is updating to 150...
CVE-2026-14133
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-14132
CVE-2026-14132 affects Google Chrome WebXR: an inappropriate WebXR implementation allows a remote attacker to spoof UI via a crafted HTML page. Affects Chrome versions prior to 150.0.7871.47; the issue is rated Low severity with user interaction required and network attack vector. The publicly do...
CVE-2026-14131
CVE-2026-14131 affects Google Chrome WebAppInstalls with insufficient validation of untrusted input in the WebAppInstalls component prior to version 150.0.7871.47. The underlying issue allows a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page...
CVE-2026-14130
CVE-2026-14130 concerns a security UI issue in Chrome’s Omnibox. A remote attacker could trigger UI spoofing by serving a crafted HTML page, affecting Chrome builds prior to 150.0.7871.47. The CVE’s sources (NVD, Debian OSV, EUVD/ENISA, CVE list, etc.) consistently describe an incorrect security ...
CVE-2026-14129
The CVE-2026-14129 entry concerns Google Chrome on Android. An inappropriate implementation in the PreviewTab component allows a remote attacker to perform UI spoofing through a crafted HTML page after convincing the user to perform specific UI gestures. The issue is fixed in Chrome/Chromium upda...
CVE-2026-14128
CVE-2026-14128 concerns Google Chrome on iOS (Chrome for iOS) prior to version 150.0.7871.47. The issue is an inappropriate implementation that allows a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. The documented impact is that the URL bar could display ...
CVE-2026-14127
CVE-2026-14127 involves an inappropriate implementation in Chrome’s printing flow prior to 150.0.7871.47. A remote attacker who already had code execution in the renderer could trigger UI spoofing via a crafted HTML page. Affected product is Google Chrome (Chromium-based); impact described as low...
CVE-2026-14125
The CVE affects Google Chrome’s ANGLE component in Chromium. Affected: Chrome builds using ANGLE before version 150.0.7871.47. Description indicates an uninitialized use in ANGLE that could let a remote attacker obtain potentially sensitive information from process memory via a crafted HTML page....
CVE-2026-14126
CVE-2026-14126 describes an issue in Google Chrome on Android prior to 150.0.7871.47 where an incorrect security UI could allow a remote attacker to spoof the domain through a crafted HTML page. The vulnerability is associated with Chromium security (severity: Low) and is exploitable via network ...
CVE-2026-14122
The CVE-2026-14122 entry describes an issue in Google Chrome on Windows affecting the WebAppInstalls component of Chromium. The root cause is insufficient validation of untrusted input, allowing a remote attacker to perform arbitrary read/write via a crafted HTML page. The vulnerability impacts C...
CVE-2026-14124
CVE-2026-14124 affects Google Chrome on Windows (before version 150.0.7871.47). The vulnerability is due to an inappropriate CredentialProvider implementation, enabling a local attacker to escalate privileges via a malicious file. The described impact is OS-level, with high confidentiality, integ...