CVE Catalog

CVE-2026-13996

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

In Google Chrome prior to version 150.0.7871.47, an inappropriate implementation in the Permissions module allowed a remote attacker to perform UI spoofing via a crafted HTML page.

Risk Assessment

An attacker can trick the user by displaying fake dialog boxes or permission requests, potentially leading to disclosure of sensitive data or unauthorized actions.

Recommendation

Update Google Chrome to version 150.0.7871.47 or later immediately to remediate this vulnerability.

Original NVD description (English source)

Inappropriate implementation in Permissions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS