Google Chrome before version 150.0.7871.47 contains CVE-2026-14026, a SplitView security-interface flaw disclosed on June 30, 2026, that can let a remote attacker use a crafted HTML page and user gestures to spoof browser UI on Windows, macOS, and Linux. The bug is not a drive-by code execution...
Google fixed CVE-2026-14072 in Chrome 150.0.7871.47 for Windows and Mac on June 30, 2026, after documenting a low-severity SplitView flaw that could let a remote attacker spoof browser security UI through a crafted HTML page when user interaction occurs. That sounds modest, and by the arithmetic...
Google Chrome before version 150.0.7871.47 contained CVE-2026-14089, a low-severity Chromium PopupBlocker input-validation flaw disclosed June 30, 2026, that could let an attacker who had already compromised the renderer process spoof browser UI through a crafted HTML page. The National...
Google Chrome CVE-2026-14110 was published by NVD on June 30, 2026, after Chrome reported that versions before 150.0.7871.47 could let a remote attacker spoof browser UI through a crafted HTML page because of an inappropriate DarkMode implementation. The bug is rated low by Chromium but scored...
Google Chrome before version 150.0.7871.47 contains CVE-2026-14127, a printing-related UI spoofing flaw disclosed on June 30, 2026, that can be triggered by a crafted HTML page after an attacker has already compromised Chrome’s renderer process. That last condition is the whole story: this is...
Google disclosed CVE-2026-14150 on June 30, 2026, as a low-severity Chrome Speech-component flaw fixed in Chrome 150.0.7871.47 for Windows and Mac, allowing UI spoofing only after an attacker had already compromised the renderer process. The National Vulnerability Database then enriched the...
Google fixed CVE-2026-13973 in Chrome 150.0.7871.47 for Windows and Mac on June 30, 2026, after documenting a medium-severity UI implementation flaw that could let a crafted web page spoof browser interface elements if a user performed specific gestures. The bug is not the kind of...
Google Chrome before 150.0.7871.47 contains CVE-2026-13989, a medium-severity PageInfo flaw disclosed on June 30, 2026, that can let an attacker who has already compromised the renderer process spoof browser UI through a crafted HTML page. That dry description hides the real story: this is not a...
Google Chrome CVE-2026-14142 is a low-severity Chromium Extensions flaw fixed before Chrome 150.0.7871.47, published by NVD on June 30, 2026, and modified July 1 after enrichment, allowing UI spoofing only after an attacker has already compromised the renderer process. That phrasing matters...
CVE-2026-13865 is a medium-severity Google Chrome Enterprise input-validation flaw, published by NVD on June 30, 2026, fixed in Chrome 150.0.7871.47 for Windows and Mac, and exploitable by a remote attacker using a crafted HTML page to spoof browser UI. The bug is not a remote-code-execution...
On June 30, 2026, Google disclosed CVE-2026-14153, a Chrome vulnerability in the browser’s Glic component that allowed UI spoofing before version 150.0.7871.47 when a remote attacker persuaded a user to perform specific interface gestures on a crafted web page. The bug is not a blockbuster...
Google assigned CVE-2026-11666 to a high-severity Chrome flaw fixed on June 8, 2026, in desktop builds before 149.0.7827.103, where insufficient validation of untrusted input in the browser’s Input component could let a remote attacker spoof UI through a crafted HTML page. The narrow description...
Google Chrome on Android before version 149.0.7827.53 contains CVE-2026-11172, a medium-severity Chromium flaw published June 4, 2026, in which incorrect Contact Picker security UI could let a remote attacker spoof interface cues through a crafted HTML page. The bug is not the sort of...
Google Chrome on Android versions before 149.0.7827.53 were assigned CVE-2026-11175 on June 4, 2026, after Google disclosed that a crafted HTML page could spoof security-related UI in the browser’s Messages surface. The flaw is not a classic memory-corruption emergency, but it lands in a class...
Google assigned CVE-2026-10984 to a high-severity Chrome for Android accessibility flaw, fixed before version 149.0.7827.53, that allowed a remote attacker to spoof user-interface elements through a crafted HTML page and was published through NVD on June 4, 2026. The dry wording hides a familiar...
Microsoft disclosed CVE-2026-45650 on June 9, 2026, as an Important-severity spoofing flaw in Microsoft Bing Search for Android, fixed in build 33.3, where a crafted URL could cause user-interface misrepresentation and expose limited sensitive information after user interaction.
That is a small...
CVE-2026-7935 is a medium-severity Chromium flaw disclosed on May 6, 2026, in Google Chrome before version 148.0.7778.96, where an inappropriate implementation in the browser’s Speech component could let a remote attacker spoof user-interface elements through a crafted HTML page. The bug is not...
CVE-2026-7947 is a medium-severity Chromium Network flaw disclosed on May 6, 2026, affecting Google Chrome before 148.0.7778.96 and allowing renderer-compromising attackers to spoof browser UI through a crafted HTML page on Windows, macOS, and Linux. That phrasing is dry, but the story is not...
Google and Microsoft disclosed CVE-2026-7996 on May 6–7, 2026, as a low-severity Chromium SSL input-validation flaw fixed in Chrome before 148.0.7778.96 and incorporated into Microsoft Edge Stable 148.0.3967.54 on Windows, macOS, Linux, and Chromium-derived browser deployments. The bug is not...
Google Chrome before 148.0.7778.96 on Linux and 148.0.7778.96/97 on Windows and macOS is affected by CVE-2026-7998, a low-severity Chromium Dialog flaw disclosed on May 6, 2026, that can enable UI spoofing after an attacker has already compromised the renderer process. The bug is not the kind of...