CVE-2026-13955
LowCVSS 3.3Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file.
Risk Assessment
The organization is at risk of social engineering attacks where users may be tricked by a spoofed browser interface, potentially leading to disclosure of sensitive information or unauthorized actions.
Recommendation
Immediately update Google Chrome on Android devices to version 150.0.7871.47 or later to remediate the vulnerability.
Original NVD description (English source)
Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Medium)

