CVE Catalog

CVE-2026-14123

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

A vulnerability in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to spoof the Omnibox (URL bar) contents via a crafted HTML page due to incorrect security UI.

Risk Assessment

An attacker can display a fake URL, facilitating phishing and fraud as the user may believe they are on a trusted site.

Recommendation

Update Google Chrome on iOS to version 150.0.7871.47 or later immediately.

Original NVD description (English source)

Incorrect security UI in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS