CVE Catalog

CVE-2026-14089

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

Insufficient validation of untrusted input in PopupBlocker in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.

Risk Assessment

The risk involves tricking users with a fake browser interface, potentially leading to data theft or unauthorized actions. Although the severity is low, it could be exploited in combination with other vulnerabilities.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later. Consider implementing policies to restrict execution of untrusted HTML content.

Original NVD description (English source)

Insufficient validation of untrusted input in PopupBlocker in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS