CVE Catalog

CVE-2026-13995

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

Insufficient validation of untrusted input in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

Risk Assessment

An attacker can trick the user by displaying fake dialogs or forms, potentially leading to theft of personal or authentication data.

Recommendation

Immediately update Google Chrome on Android to version 150.0.7871.47 or later.

Original NVD description (English source)

Insufficient validation of untrusted input in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS