CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-13999
Medium

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.

CVE-2026-13998
Medium

In Google Chrome on Mac prior to version 150.0.7871.47, an incorrect security UI in the File Input component allowed a remote attacker, after convincing a user to perform specific UI gestures, to spoof the user interface via a crafted HTML page.

CVE-2026-13997
Medium

Incorrect security UI in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

CVE-2026-13996
Medium

In Google Chrome prior to version 150.0.7871.47, an inappropriate implementation in the Permissions module allowed a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-13995
Medium

Insufficient validation of untrusted input in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-13994
Medium

Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-13993
Medium

A vulnerability in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to spoof domains via a crafted HTML page.

CVE-2026-13992
Medium

An inappropriate implementation in the UI of Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to perform UI spoofing via a crafted HTML page.

CVE-2026-13991
Medium

Insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-13990
Medium

Insufficient validation of untrusted input in DataTransfer in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.

CVE-2026-13989
Medium

An inappropriate implementation in PageInfo in Google Chrome prior to 150.0.7871.47 allows a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page.

CVE-2026-13988
Medium

A vulnerability in the Paint component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from an inappropriate implementation in the graphics rendering mechanism.

CVE-2026-13987
Medium

A vulnerability in Google Chrome on Android prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from incorrect security UI in mobile mode.

CVE-2026-13986
Medium

An inappropriate implementation in the Media UI component of Google Chrome on ChromeOS prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to conduct UI spoofing via a crafted HTML page.

CVE-2026-13985
Medium

An inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. The issue is rated as medium severity.

CVE-2026-13984
Medium

A vulnerability in the TabStrip component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page. The issue is due to incorrect security UI handling.

CVE-2026-13983
Medium

An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2026-13982
Low

In Google Chrome prior to version 150.0.7871.47, an incorrect security UI in the Passwords feature allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.

CVE-2026-13981
Medium

An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from a flaw in the browser's implementation.

CVE-2026-13980
Medium

A vulnerability in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from inappropriate implementation in the browser.

PreviousPage 65 of 4501Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS