CVE Catalog

CVE-2026-14114

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile — higher than 1% of all known CVEs

Summary

An inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to version 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. This issue is rated as Low severity by the Chromium security team.

Risk Assessment

A local attacker could spoof the trusted web app installation interface, potentially tricking the user into performing unintended actions.

Recommendation

Update Google Chrome on Android to version 150.0.7871.47 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS