CVE Catalog

CVE-2026-13984

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

A vulnerability in the TabStrip component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page. The issue is due to incorrect security UI handling.

Risk Assessment

An attacker can trick the user by displaying fake information in the tab bar, potentially leading to data theft or unwanted actions.

Recommendation

Update Google Chrome to version 150.0.7871.47 or later immediately.

Original NVD description (English source)

Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS