UI Spoofing in Google Chrome on Windows

Publication date: 2026-05-20

Last updated on: 2026-05-21

Assigner: Chrome

Description

Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Critical)

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-20

Last Modified

2026-05-21

Generated

2026-06-30

AI Q&A

2026-05-20

EPSS Evaluated

2026-06-29

NVD

CVE-2026-9110

EUVD

EUVD-2026-31159

Affected Vendors & Products

Vendor	Product	Version / Range
google	chrome	to 148.0.7778.179 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-451	The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

Attack-Flow Graph

Executive Summary

This vulnerability is an inappropriate implementation in the user interface (UI) of Google Chrome on Windows versions prior to 148.0.7778.179. It allows a remote attacker, who has already compromised the renderer process, to perform UI spoofing by using a specially crafted HTML page.

Impact Analysis

The vulnerability can impact you by enabling a remote attacker to spoof the browser's UI, potentially tricking you into believing you are interacting with legitimate content or controls. This could lead to phishing attacks or other deceptive actions. However, the attacker must have already compromised the renderer process, and the vulnerability has a moderate severity with limited impact on confidentiality and availability.

Hi! I’m here to help you understand CVE-2026-9110. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70