browser ui spoofing

  1. CVE-2026-14020: Patch Chrome WebXR UI Spoofing (150.0.7871.47+) on Windows

    Google disclosed CVE-2026-14020 on June 30, 2026, as a medium-severity Chrome WebXR input-validation flaw fixed in desktop Chrome 150.0.7871.47, where a crafted HTML page could enable UI spoofing after an attacker had already compromised the renderer process. The National Vulnerability Database...