CVE Catalog

CVE-2026-13997

MediumCVSS 4.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

Incorrect security UI in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

Risk Assessment

The risk involves the possibility of tricking the user into believing the browser UI is authentic, potentially leading to disclosure of sensitive data or unauthorized actions.

Recommendation

Immediately update Google Chrome on Android to version 150.0.7871.47 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Incorrect security UI in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS