CVE Catalog

CVE-2026-14042

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

A vulnerability in Google Chrome prior to 150.0.7871.47 in the Isolated Web Apps component allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from inappropriate implementation in the Isolated Web Apps mechanism.

Risk Assessment

An attacker could spoof a trusted isolated app interface, potentially leading to data theft or tricking users into performing unintended actions. The risk is low but requires a browser update.

Recommendation

Update Google Chrome to version 150.0.7871.47 or later immediately. It is also recommended to enable automatic browser updates across the organization.

Original NVD description (English source)

Inappropriate implementation in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS