CVE Catalog
CVE-2026-13996
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.22%
12th percentile — higher than 12% of all known CVEs
Summary
In Google Chrome prior to version 150.0.7871.47, an inappropriate implementation in the Permissions module allowed a remote attacker to perform UI spoofing via a crafted HTML page.
Risk Assessment
An attacker can trick the user by displaying fake dialog boxes or permission requests, potentially leading to disclosure of sensitive data or unauthorized actions.
Recommendation
Update Google Chrome to version 150.0.7871.47 or later immediately to remediate this vulnerability.
Original NVD description (English source)
Inappropriate implementation in Permissions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

