Impact
An inappropriate implementation in the PageInfo component of Google Chrome allows a remote attacker who has already compromised the renderer process to perform UI spoofing with a crafted HTML page that mimics legitimate UI elements. The vulnerability does not grant arbitrary code execution or direct system compromise; it deceives users by rendering counterfeit user interface components within the browser.
Affected Systems
Google Chrome desktop versions prior to 150.0.7871.47 are affected. The flaw resides in PageInfo and applies to all desktop builds of Chrome released before the June 2026 update that introduced the patch.
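A fleet check against the fixed build named above, as an added example that is not part of the advisory or of any Chrome tooling. The hostnames and version strings in the inventory are constructed, and the input is assumed to be the text a desktop Chrome build reports for its version; versions are compared numerically per component because a plain string comparison ranks `150.0.7871.100` below `150.0.7871.47`.

```python
import re

# Fixed build taken from the advisory text above.
FIXED = (150, 0, 7871, 47)

# Exactly four dot-separated numeric components, not part of a longer dotted run.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the four-part version as a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """'affected' below the fixed build, 'patched' at or above it, 'unknown' if unparseable."""
    version = parse_chrome_version(text)
    if version is None:
        return "unknown"
    return "affected" if version < fixed else "patched"


# Constructed inventory (hypothetical hosts): hostname and reported version text.
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 149.0.7827.102"),
    ("ws-002", "Google Chrome 150.0.7871.47"),
    ("ws-003", "Google Chrome 150.0.7871.100 "),  # string compare would misrank this
    ("ws-004", "Google Chrome 150.0.7871.9"),
    ("ws-005", "chrome: not found"),
]


def triage(inventory):
    """Group hostnames by classification so unknowns are followed up, not dropped."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, raw in inventory:
        result[classify(raw)].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in `unknown` need a manual look, since a missing or malformed version string says nothing about patch state.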
Risk and Exploitability
The Chromium security severity rating is Medium, and the calculated CVSS score is 6.5, which also falls in the medium range. The EPSS score is < 1%, indicating a low probability of exploitation at present. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires that the attacker already has a foothold in the form of a compromised renderer process, so this flaw depends on a prior compromise or another vulnerability and is not readily exploitable on its own.