CVE Catalog

CVE-2026-13931

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

17th percentile — higher than 17% of all known CVEs

Summary

An inappropriate implementation in the Media component of Google Chrome on Windows prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.

Risk Assessment

The risk involves the possibility of a UI spoofing attack, which could lead to data theft or tricking the user into performing dangerous actions.

Recommendation

It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later on all Windows systems.

Original NVD description (English source)

Inappropriate implementation in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS