Chrome and Chromium teams have assigned CVE-2026-3942 to an Incorrect security UI vulnerability in the Picture‑in‑Picture (PiP) component that can be used for UI spoofing via a crafted HTML page — the bug was fixed upstream in the Chrome/Chromium 146 release line and is documented in Google’s...
