Description
Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Google Chrome versions older than 149.0.7827.53, the TabGroups feature contains an inappropriate implementation. A remote attacker can send malicious network traffic that manipulates the browser's UI, resulting in altered or misleading tab group displays. The flaw does not provide code execution, data exfiltration, or other privileges; it only affects visual rendering of tab groups.

Affected Systems

Google Chrome stable channel desktop clients running any build before 149.0.7827.53 are affected. No additional channels, platforms, or version ranges are specified in the CVE description.

Risk and Exploitability

The vulnerability is classified as Low by Chromium with no EPSS score available and it is not in the CISA KEV catalog. The likely attack vector is through inbound network traffic that carries crafted content directed at the Chrome TabGroups UI. Though the exploit can only produce UI deception, it could aid phishing or social engineering if executed with coordination. Current evidence suggests the risk is limited and exploitation unlikely without targeted content.

Generated by OpenCVE AI on June 5, 2026 at 04:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Chrome update (v149.0.7827.53 or newer) that contains the TabGroups UI fix.
  • If an update cannot be performed immediately, consider disabling the TabGroups feature via Chrome settings or enterprise policy.
  • Monitor Chrome release announcements and ensure browsers are kept to the latest stable version.

Generated by OpenCVE AI on June 5, 2026 at 04:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title UI Spoofing via TabGroups in Google Chrome

Fri, 05 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:05:54.504Z

Reserved: 2026-06-04T17:10:57.817Z

Link: CVE-2026-11232

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:31.057

Modified: 2026-06-04T23:17:31.057

Link: CVE-2026-11232

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T05:00:13Z

Weaknesses

No weakness.