CVE-2026-14138 is a Windows-only Google Chrome WebAppInstalls flaw disclosed on June 30, 2026, fixed in Chrome 150.0.7871.47, that allowed UI spoofing when a remote attacker persuaded a user to perform specific gestures on a crafted HTML page. The bug is not a drive-by code execution emergency...