CVE-2026-13985
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
An inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. The issue is rated as medium severity.
Risk Assessment
The organization is at risk of phishing attacks or UI manipulation, potentially leading to data theft or unauthorized user actions.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later to remediate the vulnerability.
Original NVD description (English source)
Inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

