CVE-2026-14138
MediumCVSS 4.2Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
An inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. The issue is rated as low severity.
Risk Assessment
The risk involves tricking users through a spoofed interface, potentially leading to disclosure of sensitive information or unintended actions, but requires active user interaction.
Recommendation
It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

