CVE Catalog
CVE-2026-13865
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk0.20%
10th percentile — higher than 10% of all known CVEs
Summary
Insufficient validation of untrusted input in the Enterprise component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
Risk Assessment
An attacker can spoof a trusted browser interface, potentially leading to data theft or tricking the user into performing unwanted actions.
Recommendation
Update Google Chrome to version 150.0.7871.47 or later immediately, which includes a fix for this vulnerability.
Original NVD description (English source)
Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

