CVE-2026-13997
MediumCVSS 4.2Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
Incorrect security UI in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
Risk Assessment
The risk involves the possibility of tricking the user into believing the browser UI is authentic, potentially leading to disclosure of sensitive data or unauthorized actions.
Recommendation
Immediately update Google Chrome on Android to version 150.0.7871.47 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Incorrect security UI in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

