CVE Catalog

CVE-2026-13988

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

A vulnerability in the Paint component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from an inappropriate implementation in the graphics rendering mechanism.

Risk Assessment

An attacker can trick users by displaying fake dialog boxes or buttons, potentially leading to credential theft or unintended actions.

Recommendation

Update Google Chrome to version 150.0.7871.47 or later immediately. Enable automatic updates for all browser instances across the organization.

Original NVD description (English source)

Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS