CVE-2026-14132
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
A vulnerability in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from inappropriate implementation in WebXR.
Risk Assessment
An attacker could trick users by displaying fake UI elements, potentially leading to data theft or unwanted actions. The risk is low due to the limited scope of the vulnerability.
Recommendation
It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later. Users should also be advised to exercise caution when opening unknown HTML pages.
Original NVD description (English source)
Inappropriate implementation in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

