CVE-2026-13986
MediumCVSS 4.2Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
An inappropriate implementation in the Media UI component of Google Chrome on ChromeOS prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to conduct UI spoofing via a crafted HTML page.
Risk Assessment
The risk involves the potential to deceive the user about the actual behavior of the interface, which could lead to disclosure of sensitive data or execution of unauthorized actions.
Recommendation
It is recommended to immediately update Google Chrome on ChromeOS to version 150.0.7871.47 or later.
Original NVD description (English source)
Inappropriate implementation in Media UI in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

