CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
Inappropriate implementation in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
An inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. The issue is rated as low severity.
Insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page, provided the user was convinced to engage in specific UI gestures.
Insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page.
Insufficient validation of untrusted input in the Network component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page. The vulnerability has a low severity rating from Chromium.
An inappropriate implementation in Autofill in Google Chrome on Android prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue is rated as low severity by the Chromium security team.
A race condition in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability has a low Chromium security severity.
A vulnerability in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from inappropriate implementation in WebXR.
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.
An incorrect security UI in the Omnibox of Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue is rated as low severity.
In Google Chrome on Android prior to version 150.0.7871.47, an inappropriate implementation in PreviewTab allowed a remote attacker, by convincing a user to perform specific UI gestures, to perform UI spoofing via a crafted HTML page.
An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to spoof the Omnibox (URL bar) contents via a crafted HTML page. The issue stems from improper handling in the browser.
An inappropriate implementation in the Printing module of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. The vulnerability has a Chromium security severity of Low.
In Google Chrome on Android prior to version 150.0.7871.47, an incorrect security UI allows a remote attacker to perform domain spoofing via a crafted HTML page.
An uninitialized use vulnerability in the ANGLE component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
A vulnerability in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to spoof the Omnibox (URL bar) contents via a crafted HTML page due to incorrect security UI.
A type confusion vulnerability in Bluetooth within Google Chrome on Windows (prior to version 150.0.7871.47) allows an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. The issue is rated as Low severity by the Chromium team.
Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to leak cross-origin data via a crafted HTML page.
Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page.
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page.

