CVE Catalog
CVE-2026-11172
HighCVSS 8.8Summary
Incorrect security UI in Contact Picker in Google Chrome on Android prior to version 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
Risk Assessment
An attacker could exploit this vulnerability to deceive users, potentially leading to the disclosure of personal data or other sensitive information.
Recommendation
It is recommended to update Google Chrome on Android to version 149.0.7827.53 or later to mitigate the risk associated with this vulnerability.
Original NVD description (English source)
Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

