ui spoofing

CVE-2026-7935 is a medium-severity Chromium flaw disclosed on May 6, 2026, in Google Chrome before version 148.0.7778.96, where an inappropriate implementation in the browser’s Speech component could let a remote attacker spoof user-interface elements through a crafted HTML page. The bug is not...

CVE-2026-7947 is a medium-severity Chromium Network flaw disclosed on May 6, 2026, affecting Google Chrome before 148.0.7778.96 and allowing renderer-compromising attackers to spoof browser UI through a crafted HTML page on Windows, macOS, and Linux. That phrasing is dry, but the story is not...

Google and Microsoft disclosed CVE-2026-7996 on May 6–7, 2026, as a low-severity Chromium SSL input-validation flaw fixed in Chrome before 148.0.7778.96 and incorporated into Microsoft Edge Stable 148.0.3967.54 on Windows, macOS, Linux, and Chromium-derived browser deployments. The bug is not...

Google Chrome before 148.0.7778.96 on Linux and 148.0.7778.96/97 on Windows and macOS is affected by CVE-2026-7998, a low-severity Chromium Dialog flaw disclosed on May 6, 2026, that can enable UI spoofing after an attacker has already compromised the renderer process. The bug is not the kind of...

Google and Microsoft moved CVE-2026-8003 into the public vulnerability pipeline this week after Chrome 148.0.7778.96 fixed an input-validation flaw in TabGroups that could let a remote attacker spoof browser UI through malicious network traffic. The bug is rated low by Chromium but medium by...

Google and Microsoft disclosed CVE-2026-8015 on May 6, 2026, after fixing a low-severity Chromium Media flaw in Chrome versions before 148.0.7778.96 that could let a remote attacker spoof browser UI through a crafted HTML page. The bug is not the sort of memory-corruption monster that dominates...

Google and Microsoft disclosed CVE-2026-8019 this week as a Chromium WebApp policy-enforcement flaw fixed in Google Chrome 148.0.7778.96, allowing a remote attacker to perform user-interface spoofing through a crafted HTML page. That sounds minor beside the critical memory-safety bugs in the...

Google’s April 2026 security disclosure for CVE-2026-5875 is a reminder that browser bugs do not need to be memory corruptions to be dangerous. The flaw is described as a policy bypass in Blink that allowed a remote attacker to carry out UI spoofing through a crafted HTML page, and Google has...

Chromium’s CVE-2026-5878 puts a familiar Chrome weakness back in the spotlight: deceptive security UI Google has disclosed and patched CVE-2026-5878, a medium-severity issue in Blink that could let a remote attacker use a crafted HTML page to perform UI spoofing in Chrome versions prior to...

Chrome’s latest security cycle has brought CVE-2026-5882 into the spotlight, and the bug is a reminder that browser security failures are not always about memory corruption or code execution. In this case, Google says an incorrect security UI in Fullscreen in Chrome prior to 147.0.7727.55 could...

CVE-2026-5891 is a good example of why browser security bugs are often more subtle than the headlines suggest. Google has assigned the issue to Chromium and describes it as insufficient policy enforcement in browser UI, a weakness that can let a remote attacker who has already compromised the...

This is a reminder that browser security bugs do not need to be high severity to be operationally important. CVE-2026-5897 affects the Downloads UI in Google Chrome versions before 147.0.7727.55, and Google says a remote attacker could use a crafted HTML page plus specific user gestures to...

Chrome and Chromium teams have assigned CVE-2026-3942 to an Incorrect security UI vulnerability in the Picture‑in‑Picture (PiP) component that can be used for UI spoofing via a crafted HTML page — the bug was fixed upstream in the Chrome/Chromium 146 release line and is documented in Google’s...

Chromium’s CVE-2026-2322 is showing up in Microsoft’s Security Update Guide because Microsoft Edge (the Chromium‑based browser) consumes Chromium’s open‑source engine — Microsoft records upstream Chromium CVEs in the guide to tell Edge users when the upstream fix has been ingested and shipped in...

Microsoft’s Security Update Guide has recorded CVE‑2026‑0391 — a spoofing or UI‑misrepresentation flaw affecting Microsoft Edge (Chromium‑based) on Android — and organizations should treat it as an operational phishing‑enabler that demands immediate verification and patching. Background /...

The Chromium CVE labeled CVE-2026-0906 — an “Incorrect security UI” issue — appears in Microsoft’s Security Update Guide because Microsoft Edge (the Chromium-based edition) consumes Chromium’s open-source code, and Microsoft uses the Security Update Guide to announce when Edge has ingested the...

Microsoft’s Security Response Center has recorded CVE-2025-62224 as a spoofing vulnerability affecting Microsoft Edge (Chromium-based) for Android, a user‑interface integrity issue that can allow a malicious page to misrepresent browser trust signals and provenance on mobile devices — increasing...

Microsoft’s Security Update Guide listing a Chromium-assigned CVE is simply the downstream status announcement that Microsoft Edge (Chromium‑based) has ingested the upstream Chromium fix and shipped an Edge build that is no longer vulnerable; in practical terms, the Security Update Guide (SUG)...

The Chromium CVE entry for CVE‑2025‑12444 — described as an Incorrect security UI in Fullscreen UI issue — appears in Microsoft’s Security Update Guide because Microsoft Edge is built on the Chromium open‑source engine; Microsoft records upstream Chromium CVEs in the Guide to tell Edge...

Microsoft’s security advisory around a freshly disclosed browser bug highlights a repeat problem for mobile users: an insufficient UI warning in Microsoft Edge (Chromium-based) for Android that enables spoofing over a network. The vendor entry you provided points to a CVE record that the...