CVE Catalog
CVE-2026-13984
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk0.17%
7th percentile — higher than 7% of all known CVEs
Summary
A vulnerability in the TabStrip component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page. The issue is due to incorrect security UI handling.
Risk Assessment
An attacker can trick the user by displaying fake information in the tab bar, potentially leading to data theft or unwanted actions.
Recommendation
Update Google Chrome to version 150.0.7871.47 or later immediately.
Original NVD description (English source)
Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

