CVE Catalog

CVE-2026-14381

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

A vulnerability in the WebAppInstalls component of Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from incorrect security UI handling.

Risk Assessment

An attacker can spoof the trusted web app installation interface, potentially leading to fraud or data theft from the user.

Recommendation

Update Google Chrome to version 150.0.7871.46 or later immediately.

Original NVD description (English source)

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS