CVE Catalog

CVE-2026-14132

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

A vulnerability in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from inappropriate implementation in WebXR.

Risk Assessment

An attacker could trick users by displaying fake UI elements, potentially leading to data theft or unwanted actions. The risk is low due to the limited scope of the vulnerability.

Recommendation

It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later. Users should also be advised to exercise caution when opening unknown HTML pages.

Original NVD description (English source)

Inappropriate implementation in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS