CVE Catalog

CVE-2026-13955

Low · CVSS 3.3

Exploitation Probability (EPSS)

Low risk
0.09%

1st percentile (higher than 1% of all known CVEs)

Summary

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file.

Risk Assessment

The organization is at risk of social engineering attacks where users may be tricked by a spoofed browser interface, potentially leading to disclosure of sensitive information or unauthorized actions.

Recommendation

Immediately update Google Chrome on Android devices to version 150.0.7871.47 or later to remediate the vulnerability.

Original NVD description (English source)

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS