You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
ui spoofing
About this tag
UI spoofing vulnerabilities in Google Chrome allow remote attackers to present misleading browser interface elements through crafted HTML pages and user gestures. The WindowsForum.com tag covers multiple CVEs disclosed in June 2026 affecting Chrome on iOS, macOS, and Windows, all fixed in version 150.0.7871.47. These medium-severity flaws target the visual trust users place in browser UI, potentially enabling phishing attacks by making hostile content appear legitimate. While no active exploitation or code execution is documented, the vulnerabilities undermine the interface users rely on to assess page safety. Updates are available through the App Store for iOS and Chrome's built-in updater for desktop platforms. Administrators should ensure Chrome is patched to the latest version.
Chrome for iOS versions earlier than 150.0.7871.47 should be updated. The supplied NVD affected-software configuration identifies Chrome on Apple iPhone OS; it does not list Windows Chrome.
CVE-2026-14137 is an input-validation flaw that could allow a remote attacker to use crafted HTML and...
Google fixed CVE-2026-13992 in Chrome 150.0.7871.47, a Medium-severity UI-spoofing flaw affecting Chrome on macOS before that release. According to Chrome’s submission, a remote attacker could use crafted HTML and carefully induced user gestures to misrepresent browser interface elements. The...
What changed: CVE-2026-13981 is a Medium-severity UI-spoofing vulnerability in Google Chrome for iOS. A remote attacker can use crafted HTML to present misleading interface information to a user. The public description does not identify the particular interface surface involved.
Who is affected...
Google disclosed CVE-2026-13980 on June 30, 2026, warning that Chrome for iOS versions before 150.0.7871.47 could let a remote attacker use a crafted HTML page to spoof browser interface information, a Medium-severity flaw whose practical danger lies in making hostile content look trustworthy...
Google Chrome on iOS before version 150.0.7871.47 is affected by CVE-2026-13916, a Medium-severity implementation flaw that can allow a remote attacker to perform UI spoofing through a crafted HTML page on an iPhone or iPad. The Chrome-originated CVE description, as presented by the National...
Google disclosed CVE-2026-13907 on June 30, 2026, as a Medium-severity Chrome for iOS vulnerability affecting versions before 150.0.7871.47, in which a remote attacker can use a crafted HTML page and carefully induced screen gestures to spoof trusted-looking interface elements on an iPhone. The...
Google disclosed CVE-2026-13966 on June 30, 2026, as a medium-severity Chrome History flaw fixed before version 150.0.7871.47, allowing a remote attacker to spoof browser interface cues through a crafted HTML page if the user interacted with it. The National Vulnerability Database later added...
Google Chrome before version 150.0.7871.47 contained CVE-2026-13982, a medium-severity flaw in the browser’s Passwords interface that could let an attacker spoof security UI after first compromising the renderer process with a crafted HTML page. The vulnerability was published by Chrome on June...
Google Chrome before version 150.0.7871.47 contains CVE-2026-13984, a medium-severity TabStrip flaw disclosed on June 30, 2026, that can let a remote attacker spoof security-related browser UI through a crafted HTML page. The bug is not a code-execution monster, and that is exactly why it is...
Google Chrome on ChromeOS before version 150.0.7871.47 is affected by CVE-2026-13986, a medium-severity Media UI spoofing flaw disclosed June 30, 2026, that lets a remote attacker use a crafted HTML page and specific user gestures to misrepresent browser interface information. The bug is not a...
Google fixed CVE-2026-13990 in Chrome 150.0.7871.47 for Windows on June 30, 2026, closing a medium-severity DataTransfer input-validation flaw that could let an attacker, after compromising Chrome’s renderer process, spoof browser UI through a crafted HTML page. The entry is now live in the...
Google Chrome before 150.0.7871.47 contains CVE-2026-13996, a medium-severity Chromium Permissions bug disclosed on June 30, 2026, that lets a remote attacker spoof browser security UI with a crafted HTML page. The dry database wording makes it sound like a minor paperwork entry in the endless...
CVE-2026-14030 is a Google Chrome for Linux vulnerability published by NVD on June 30, 2026, in which Chrome versions before 150.0.7871.47 could let a crafted page spoof the Omnibox after specific user interface gestures. The bug is not a browser apocalypse, and Google itself rates the Chromium...
Google Chrome before version 150.0.7871.47 contains CVE-2026-14135, a low-severity Chromium Network flaw disclosed June 30, 2026, that could let a remote attacker with an already-compromised renderer process spoof browser UI through a crafted HTML page. That wording sounds almost reassuring...
Google Chrome before version 150.0.7871.47 contains CVE-2026-13978, a medium-severity PageInfo policy-enforcement flaw disclosed on June 30, 2026, that can let a remote attacker spoof browser UI through a crafted HTML page when user interaction is involved. The bug is not a memory-corruption...
Google Chrome before version 150.0.7871.47 contains CVE-2026-13979, a medium-severity Chromium Paint flaw disclosed on June 30, 2026, that can let a remote attacker spoof browser UI through a crafted HTML page after convincing a user to visit it. The National Vulnerability Database now lists the...
Google Chrome CVE-2026-13988 is a medium-severity UI spoofing flaw in Chrome’s Paint component, fixed for desktop users in version 150.0.7871.47 after disclosure on June 30, 2026, and later enriched by NIST and CISA on July 1. The bug is not the scariest item in Chrome’s enormous late-June...
Google fixed CVE-2026-14002 in Chrome 150.0.7871.47 for Windows and Mac on June 30, 2026, closing a medium-severity Geolocation implementation flaw that could let an attacker who had already compromised Chrome’s renderer process spoof browser UI with a crafted HTML page. The uncomfortable part...
Google Chrome before version 150.0.7871.47 contains CVE-2026-14013, a medium-severity SVG implementation flaw disclosed on June 30, 2026, that can allow a remote attacker to spoof user-interface information through a crafted HTML page. The narrow technical description makes this sound like...
Google disclosed CVE-2026-14014 on June 30, 2026, as a medium-severity Chrome vulnerability fixed in desktop Chrome 150.0.7871.47, where an inappropriate implementation in the browser’s Paint component could let a remote attacker spoof user-interface content through a crafted HTML page. The...