CVE-2026-13931
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk17th percentile — higher than 17% of all known CVEs
Summary
An inappropriate implementation in the Media component of Google Chrome on Windows prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.
Risk Assessment
The risk involves the possibility of a UI spoofing attack, which could lead to data theft or tricking the user into performing dangerous actions.
Recommendation
It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later on all Windows systems.
Original NVD description (English source)
Inappropriate implementation in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

