You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-8003
About this tag
CVE-2026-8003 is a UI spoofing vulnerability in Chrome and Chromium-based Edge, fixed in version 148.0.7778.96. The flaw involves an input-validation issue in TabGroups that could allow a remote attacker to spoof browser UI via malicious network traffic. While Chromium rates it low, CISA's ADP scoring rates it medium, creating a mismatch that Windows admins should note. The vulnerability is not a critical zero-day but highlights browser risk in the gap between user perception and browser behavior. Patching Chrome and Edge is the recommended action, with CPE metadata serving as a starting point for asset mapping.
Google and Microsoft moved CVE-2026-8003 into the public vulnerability pipeline this week after Chrome 148.0.7778.96 fixed an input-validation flaw in TabGroups that could let a remote attacker spoof browser UI through malicious network traffic. The bug is rated low by Chromium but medium by...