Description
Inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An inappropriate implementation in MediaCapture in Google Chrome permits a remote attacker who has already gained control of the renderer process to perform UI spoofing through a specially crafted HTML page. The flaw allows the attacker to mimic or alter interface elements presented to the user, potentially enabling social-engineering attacks that mislead the user into revealing confidential information or performing undesired actions. Because the attack requires prior compromise of the renderer process, the impact is limited to situations where the renderer is already subverted: the flaw alone does not provide direct remote code execution, but it does increase the attack surface for deceptive techniques.

Affected Systems

Google Chrome versions released before 150.0.7871.47 are affected. Systems running these older builds remain vulnerable until they are updated to 150.0.7871.47 or later.

Risk and Exploitability

The CVSS score is not disclosed and the EPSS score is unavailable, but the Chromium security team rated the issue as medium severity. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires that the attacker has already compromised the renderer process, which is nontrivial and typically occurs via another flaw or through social engineering. As a consequence, while the likelihood of discovery and exploitation is moderate, the potential for user deception and subsequent compromise remains notable for environments that expose untrusted web content.

Generated by OpenCVE AI on July 1, 2026 at 05:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or newer
  • Ensure the Chrome renderer processes run with the strictest sandboxing options and minimal privileges
  • Enable and regularly review any browser security settings that restrict renderer access to system resources

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 05:45:00 +0000

Type | Values Removed | Values Added
Title | | UI Spoofing via Renderer Compromise in Chrome MediaCapture
Weaknesses | | CWE-1024, CWE-1038

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:45.825Z

Reserved: 2026-06-29T23:04:09.385Z

Link: CVE-2026-13985

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T05:30:17Z

Weaknesses
  • CWE-1024

    Comparison of Incompatible Types

  • CWE-1038

    Insecure Automated Optimizations