CVE-2026-14089
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
Insufficient validation of untrusted input in PopupBlocker in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.
Risk Assessment
The risk involves tricking users with a fake browser interface, potentially leading to data theft or unauthorized actions. Although the severity is low, it could be exploited in combination with other vulnerabilities.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later. Consider implementing policies to restrict execution of untrusted HTML content.
Original NVD description (English source)
Insufficient validation of untrusted input in PopupBlocker in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

