Description
Incorrect security UI in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker who has compromised the renderer process in Google Chrome before version 150.0.7871.47 can craft an HTML page that displays a fake password prompt, misleading users into believing the prompt is legitimate. This flaw is an example of CWE‑639 and CWE‑800 weaknesses, allowing the malicious page to impersonate Chrome’s security UI and potentially lead to credential compromise or other deceptive attacks. The vulnerability is rated medium severity by Chromium security teams.

Affected Systems

Google Chrome versions earlier than 150.0.7871.47 are affected. Users running these builds on any operating system that Chrome supports are susceptible.

Risk and Exploitability

The attack requires that the attacker has already gained control of the renderer process, which can be achieved through malicious content or a separate exploit. The EPSS score is not available; the medium severity rating and the lack of a KEV listing suggest that widespread exploitation has not yet been observed. Still, the potential for users to be tricked into entering credentials warrants prompt remediation.

Generated by OpenCVE AI on July 1, 2026 at 05:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or newer.
  • Enable Chrome’s Safe Browsing feature to reduce exposure to deceptive pages.
  • Regularly update your operating system and anti‑malware solutions to help detect and block exploits that could compromise the renderer process.



Advisories

No advisories yet.

History

Wed, 01 Jul 2026 05:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | UI Spoofing via Crafted Password Prompt in Google Chrome Pre‑150.0.7871.47 |
| Weaknesses | | CWE-639, CWE-800 |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Incorrect security UI in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| References | | |


MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:44.643Z

Reserved: 2026-06-29T23:04:07.932Z

Link: CVE-2026-13982

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T05:30:17Z

Weaknesses