CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.
In Google Chrome on Mac prior to version 150.0.7871.47, an incorrect security UI in the File Input component allowed a remote attacker, after convincing a user to perform specific UI gestures, to spoof the user interface via a crafted HTML page.
Incorrect security UI in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
In Google Chrome prior to version 150.0.7871.47, an inappropriate implementation in the Permissions module allowed a remote attacker to perform UI spoofing via a crafted HTML page.
Insufficient validation of untrusted input in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
A vulnerability in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to spoof domains via a crafted HTML page.
An inappropriate implementation in the UI of Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to perform UI spoofing via a crafted HTML page.
Insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page.
Insufficient validation of untrusted input in DataTransfer in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.
An inappropriate implementation in PageInfo in Google Chrome prior to 150.0.7871.47 allows a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page.
A vulnerability in the Paint component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from an inappropriate implementation in the graphics rendering mechanism.
A vulnerability in Google Chrome on Android prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from incorrect security UI in mobile mode.
An inappropriate implementation in the Media UI component of Google Chrome on ChromeOS prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to conduct UI spoofing via a crafted HTML page.
An inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. The issue is rated as medium severity.
A vulnerability in the TabStrip component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page. The issue is due to incorrect security UI handling.
An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
In Google Chrome prior to version 150.0.7871.47, an incorrect security UI in the Passwords feature allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.
An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from a flaw in the browser's implementation.
A vulnerability in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from inappropriate implementation in the browser.

