CVE-2026-9110
UI Spoofing in Google Chrome on Windows
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 148.0.7778.179 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-451 | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an inappropriate implementation in the user interface (UI) of Google Chrome on Windows versions prior to 148.0.7778.179. It allows a remote attacker, who has already compromised the renderer process, to perform UI spoofing by using a specially crafted HTML page.
How can this vulnerability impact me? :
The vulnerability can impact you by enabling a remote attacker to spoof the browser's UI, potentially tricking you into believing you are interacting with legitimate content or controls. This could lead to phishing attacks or other deceptive actions. However, the attacker must have already compromised the renderer process, and the vulnerability has a moderate severity with limited impact on confidentiality and availability.