370256 matches found
CVE-2026-13997
The CVE-2026-13997 entry concerns Google Chrome on Android before 150.0.7871.47, where an incorrect security UI in Extensions could allow UI spoofing via a crafted HTML page if a user performed specific UI gestures after being convinced to engage them. The core issue is a flawed UI trust boundary...
CVE-2026-13998
Impact: Affected software is Google Chrome on macOS. The vulnerability stems from an incorrect security UI in the File Input component, enabling UI spoofing when a user is induced to perform specific UI gestures via a crafted HTML page. Root cause: flawed security UI handling in Chrome/Chromium’s...
CVE-2026-13996
CVE-2026-13996 affects Google Chrome on desktop where an inappropriate implementation in the Permissions component allows a remote attacker to trigger UI spoofing via a crafted HTML page. The root cause is an improperPermissions implementation. The issue is mitigated by a Chrome update to version...
CVE-2026-13995
CVE-2026-13995 : Insufficient validation of untrusted input in Autofill for Google Chrome on Android allows a remote attacker to perform UI spoofing via a crafted HTML page. Affected are Chrome builds prior to 150.0.7871.47; remediation is to update to 150.0.7871.47 or a later version once releas...
CVE-2026-13994
CVE-2026-13994 describes an issue in Google Chrome on Android related to Credential Management: an inappropriate implementation allows a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability affects Chrome versions prior to 150.0.7871.47 (Chromium security severity: Me...
CVE-2026-13993
The CVE-2026-13993 vulnerability affects Google Chrome WebAppInstalls via an Incorrect security UI flaw that allows domain spoofing when a user is induced to perform specific UI gestures on a crafted HTML page. Affected software is Chrome (Chromium-based) with versions prior to 150.0.7871.47. The...
CVE-2026-13992
The CVE-2026-13992 entry applies to Google Chrome on macOS prior to version 150.0.7871.47 . The issue is an inappropriate UI implementation that enables UI spoofing when a user is persuaded to perform certain UI gestures via a crafted HTML page. The vulnerability is described as a remote, UI-base...
CVE-2026-13990
CVE-2026-13990 affects Google Chrome on Windows, where insufficient validation of untrusted input in DataTransfer can allow a renderer-priviliged attacker to spoof UI via a crafted HTML page. The vulnerability arises from improper input handling in DataTransfer that enables UI spoofing when an at...
CVE-2026-13989
Google Chrome is affected by CVE-2026-13989 due to an inappropriate implementation in PageInfo. Before version 150.0.7871.47, a remote attacker who had compromised a renderer process could trigger UI spoofing via a crafted HTML page. The core issue is in PageInfo; impact is limited to UI spoofing...
CVE-2026-13991
CVE-2026-13991 describes insufficient validation of untrusted input in Chrome for iOS / Google Chrome on iOS prior to version 150.0.7871.47 , enabling a remote attacker to perform UI spoofing via a crafted HTML page. The root cause is input validation weaknesses in the iOS Chrome rendering path. ...
CVE-2026-13986
The vulnerability CVE-2026-13986 affects Google Chrome on ChromeOS (Media UI) and is triggered by a crafted HTML page that enables UI spoofing. The issue is described as an inappropriate implementation in Media UI prior to version 150.0.7871.47. An attacker must convince a user to perform specifi...
CVE-2026-13988
CVE-2026-13988 describes an Inappropriate implementation in Google Chrome’s Paint component that allows a remote attacker to perform UI spoofing via a crafted HTML page. Affected software: Google Chrome (Chromium-based). Root cause: implementation issue in Paint prior to version 150.0.7871.47. Im...
CVE-2026-13987
CVE-2026-13987 affects Google Chrome for Android (Mobile UI) prior to 150.0.7871.47, where an incorrect security UI could allow a remote attacker to perform UI spoofing via a crafted HTML page. The issue is described with a Medium severity and is tied to Chromium components. The available connect...
CVE-2026-13985
The CVE-2026-13985 issue affects Google Chrome (Chromium-based) where an inappropriate implementation in MediaCapture allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Impact is UI spoofing with no confidentiality or availability lo...
CVE-2026-13984
The CVE-2026-13984 entry covers Google Chrome’s TabStrip UI security flaw. Affects Chrome versions before 150.0.7871.47, allowing a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability is due to incorrect security UI behavior in the TabStrip, as described across multi...
CVE-2026-13983
CVE-2026-13983 affects Chrome for iOS prior to 150.0.7871.47. Affected component: Chrome on iOS/webview rendering Omnibox UI. Root cause: inappropriate implementation allowed a remote attacker to spoof the Omnibox contents via a crafted HTML page when a user is tricked into performing specific UI...
CVE-2026-13982
Concretely, CVE-2026-13982 affects Google Chrome (Chromium-based) Passwords UI, where incorrect security UI allowed a remote attacker who compromised the renderer process to perform UI spoofing via a crafted HTML page. The vulnerability is tied to rendering context abuse and is exploitable withou...
CVE-2026-13981
CVE-2026-13981: In Chrome for iOS, Google Chrome on iOS contains an inappropriate implementation that enables UI spoofing via a crafted HTML page. Affected product is Chrome for iOS; root cause is an implementation flaw in the iOS build. Impact stated: remote attacker could perform UI spoofing. R...
CVE-2026-13979
The CVE-2026-13979 entry refers to an Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 that allows a remote attacker to perform UI spoofing via a crafted HTML page. Affected software is Google Chrome (Paint component) with the underlying issue described as a UI spoofi...
CVE-2026-13978
CVE-2026-13978 affects Google Chrome; Insufficient policy enforcement in PageInfo allows UI spoofing via a crafted HTML page in versions prior to 150.0.7871.47. The issue has a CVSS 3.1 base score of 4.3 (Medium) with network attack vector, no confidentiality or availability impact, and user inte...