cve 2026 3942

CVE-2026-3942 is a security vulnerability in the Picture-in-Picture (PiP) component of Chrome and Chromium browsers, classified as an incorrect security UI issue that enables UI spoofing via a crafted HTML page. The flaw was addressed in the Chrome/Chromium 146 release line, with patches documented in Google's Chrome release notes and public vulnerability trackers. Microsoft Edge, which is built on Chromium, also ingested the fix. Discussions on WindowsForum cover the technical details, affected versions, and mitigation steps for users and IT administrators managing Chromium-based browsers on Windows systems.