CVE Catalog

CVE-2026-14140

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

Insufficient validation of untrusted input in Google Chrome on Android prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

Risk Assessment

The risk involves the potential display of a fake interface, which could trick the user into disclosing sensitive information or performing unwanted actions.

Recommendation

It is recommended to immediately update Google Chrome on Android to version 150.0.7871.47 or later.

Original NVD description (English source)

Insufficient validation of untrusted input in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS