CVE Catalog

CVE-2026-13998

MediumCVSS 4.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

In Google Chrome on Mac prior to version 150.0.7871.47, an incorrect security UI in the File Input component allowed a remote attacker, after convincing a user to perform specific UI gestures, to spoof the user interface via a crafted HTML page.

Risk Assessment

The risk involves tricking the user about the actual source or purpose of file operations, potentially leading to unintentional data disclosure or unwanted actions.

Recommendation

Immediately update Google Chrome on Mac systems to version 150.0.7871.47 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Incorrect security UI in File Input in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS