CVE-2026-13998
MediumCVSS 4.2Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
In Google Chrome on Mac prior to version 150.0.7871.47, an incorrect security UI in the File Input component allowed a remote attacker, after convincing a user to perform specific UI gestures, to spoof the user interface via a crafted HTML page.
Risk Assessment
The risk involves tricking the user about the actual source or purpose of file operations, potentially leading to unintentional data disclosure or unwanted actions.
Recommendation
Immediately update Google Chrome on Mac systems to version 150.0.7871.47 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Incorrect security UI in File Input in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

